AWS Security ChangesHomeSearch

AWS secretsmanager documentation change

Service: secretsmanager · 2025-11-13 · Documentation low

File: secretsmanager/latest/userguide/reference_available-policies.md

Summary

Added documentation for AWSSecretsManagerClientReadOnlyAccess managed policy including permissions and KMS integration details.

Security assessment

Introduces a new security feature (read-only access policy) but does not indicate remediation of a security vulnerability.

Diff

diff --git a/secretsmanager/latest/userguide/reference_available-policies.md b/secretsmanager/latest/userguide/reference_available-policies.md
index e6a79c1d0..198347732 100644
--- a//secretsmanager/latest/userguide/reference_available-policies.md
+++ b//secretsmanager/latest/userguide/reference_available-policies.md
@@ -5 +5 @@
-SecretsManagerReadWritePolicy updates
+SecretsManagerReadWriteAWSSecretsManagerClientReadOnlyAccessPolicy updates
@@ -55,0 +56,17 @@ To view the policy, see [SecretsManagerReadWrite JSON policy document](https://d
+## AWS managed policy: AWSSecretsManagerClientReadOnlyAccess
+
+This policy provides read-only access to AWS Secrets Manager secrets for client applications. It allows principals to retrieve secret values and describe secret metadata, along with the necessary AWS KMS permissions to decrypt secrets that are encrypted with customer-managed keys.
+
+**Permissions details**
+
+This policy includes the following permissions.
+
+  * `secretsmanager` – Allows principals to retrieve secret values and describe secret metadata.
+
+  * `kms` – Allows principals to decrypt secrets using AWS KMS keys. This permission is scoped to keys used by Secrets Manager through service-specific conditions.
+
+
+
+
+To view more details about the policy, including the latest version of the JSON policy document, see [AWSSecretsManagerClientReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSSecretsManagerClientReadOnlyAccess.html) in the _AWS Managed Policy Reference Guide_.
+
@@ -61,0 +79 @@ Change | Description | Date | Version
+AWSSecretsManagerClientReadOnlyAccess – New managed policy |  Secrets Manager created a new managed policy to provide read-only access to secrets for client applications. This policy allows retrieving secret values and describing secret metadata, with the necessary AWS KMS permissions to decrypt secrets. | November 5, 2025 | v1