AWS bedrock-agentcore high security documentation change
Summary
Added client secret storage options allowing direct entry or Secrets Manager reference
Security assessment
Introduces secure storage options for client secrets by adding AWS Secrets Manager integration, reducing exposure of sensitive credentials through direct entry. Mitigates secret leakage risks.
Diff
diff --git a/bedrock-agentcore/latest/devguide/identity-add-oauth-client-included.md b/bedrock-agentcore/latest/devguide/identity-add-oauth-client-included.md index de3378ec0..e2855b107 100644 --- a//bedrock-agentcore/latest/devguide/identity-add-oauth-client-included.md +++ b//bedrock-agentcore/latest/devguide/identity-add-oauth-client-included.md @@ -27 +27,11 @@ Built-in providers offer streamlined setup for popular services including Google - 2. For **Client secret** , enter the confidential key associated with your client ID. AgentCore Identity securely stores this value for authentication. + 2. For **Client secret selection method** , choose one of the following options: + + 1. **Provide Client secret** – Enter the client secret value directly. + + 1. For **Client secret** , enter the confidential key associated with your client ID. AgentCore Identity securely stores this value for authentication. + + 2. **Provide Client secret via Secrets Manager** – Reference a secret stored in AWS Secrets Manager instead of entering the value directly. + + 1. For **Secrets Manager** , enter or select the ARN of the Secrets Manager secret that contains your client secret. + + 2. For **JSON key** , enter the JSON key in your Secrets Manager secret that contains the client secret value for your OAuth client.