AWS secretsmanager documentation change
Summary
Removed hyperlink to envelope encryption concept page without altering content
Security assessment
Formatting change (removing a hyperlink) with no impact on security documentation or practices.
Diff
diff --git a/secretsmanager/latest/userguide/security-encryption.md b/secretsmanager/latest/userguide/security-encryption.md index 09a97f996..2405dbf28 100644 --- a//secretsmanager/latest/userguide/security-encryption.md +++ b//secretsmanager/latest/userguide/security-encryption.md @@ -9 +9 @@ Choosing a AWS KMS keyWhat is encrypted?Encryption and decryption processesPermi -Secrets Manager uses [envelope encryption](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#enveloping) with AWS KMS [keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) and [data keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) to protect each secret value. Whenever the secret value in a secret changes, Secrets Manager requests a new data key from AWS KMS to protect it. The data key is encrypted under a KMS key and stored in the metadata of the secret. To decrypt the secret, Secrets Manager first decrypts the encrypted data key using the KMS key in AWS KMS. +Secrets Manager uses envelope encryption with AWS KMS [keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) and [data keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) to protect each secret value. Whenever the secret value in a secret changes, Secrets Manager requests a new data key from AWS KMS to protect it. The data key is encrypted under a KMS key and stored in the metadata of the secret. To decrypt the secret, Secrets Manager first decrypts the encrypted data key using the KMS key in AWS KMS.