AWS secretsmanager documentation change
Summary
Replaced 'Secrets Manager Agent' with 'AWS Workload Credentials Provider' regarding post-quantum TLS implementation
Security assessment
The change updates the component name but maintains identical security content about post-quantum TLS. No new security features or vulnerability fixes are introduced.
Diff
diff --git a/secretsmanager/latest/userguide/pqtls.md b/secretsmanager/latest/userguide/pqtls.md index 06ab39479..caa55b3e2 100644 --- a//secretsmanager/latest/userguide/pqtls.md +++ b//secretsmanager/latest/userguide/pqtls.md @@ -9 +9 @@ -Secrets Manager supports a hybrid post-quantum key exchange option for the Transport Layer Security (TLS) network encryption protocol. You can use this TLS option when you connect to Secrets Manager API endpoints. We're offering this feature before post-quantum algorithms are standardized so you can begin testing the effect of these key exchange protocols on Secrets Manager calls. These optional hybrid post-quantum key exchange features are at least as secure as the TLS encryption we use today and are likely to provide additional security benefits. However, they affect latency and throughput compared to the classic key exchange protocols in use today. The Secrets Manager Agent uses the post-quantum ML-KEM key exchange as the highest-priority key exchange by default. +Secrets Manager supports a hybrid post-quantum key exchange option for the Transport Layer Security (TLS) network encryption protocol. You can use this TLS option when you connect to Secrets Manager API endpoints. We're offering this feature before post-quantum algorithms are standardized so you can begin testing the effect of these key exchange protocols on Secrets Manager calls. These optional hybrid post-quantum key exchange features are at least as secure as the TLS encryption we use today and are likely to provide additional security benefits. However, they affect latency and throughput compared to the classic key exchange protocols in use today. The AWS Workload Credentials Provider uses the post-quantum ML-KEM key exchange as the highest-priority key exchange by default.