AWS Security ChangesHomeSearch

AWS secretsmanager high security documentation change

Service: secretsmanager · 2026-06-04 · Security-related high

File: secretsmanager/latest/userguide/mes-partner-DatadogApiKey.md

Summary

Added critical note about rotation policy limitations for DatadogAdminKey secrets and required configuration adjustments.

Security assessment

Addresses security configuration gap in secret rotation for admin keys. Highlights potential permission failures and provides mitigation guidance.

Diff

diff --git a/secretsmanager/latest/userguide/mes-partner-DatadogApiKey.md b/secretsmanager/latest/userguide/mes-partner-DatadogApiKey.md
index 50712d5e0..d1663b5cd 100644
--- a//secretsmanager/latest/userguide/mes-partner-DatadogApiKey.md
+++ b//secretsmanager/latest/userguide/mes-partner-DatadogApiKey.md
@@ -50,0 +51,2 @@ You can create your secret using the [CreateSecret](https://docs.aws.amazon.com/
+The admin secret type (`DatadogAdminKey`) differs from the user secret type (`DatadogApiKey`). Because of this difference, the default rotation role policy scoped by `secretsmanager:resource/Type` will not grant access to the admin secret. You must explicitly provide the rotation role access to the admin secret. You can do this by adding a statement scoped to the `DatadogAdminKey` type. Alternatively, specify the admin secret `ARN` directly in the role policy.
+