AWS Secrets Manager console now supports custom input for AWS KMS keys

AWS Secrets Manager Console Update

AWS Secrets Manager console now allows you to specify a custom customer managed AWS Key Management Service (KMS) key when creating secrets. You can now provide a KMS key Amazon Resource Name (ARN) directly in the console, in addition to selecting from the pre-populated list of KMS keys in your current account.

Previously, when creating a secret through the AWS Secrets Manager console, you could only select customer managed KMS keys from a dropdown list that displayed keys within the same AWS account. With this enhancement, you can now enter a KMS key ARN to use a key from a different account, aligning the console experience with the existing API capabilities. This simplifies cross-account encryption workflows and provides greater flexibility in managing your encryption keys across multiple accounts.

What to do

• Update your secret creation workflows to utilize the new KMS key input feature.
• Review your cross-account encryption strategies to leverage this new capability.

This feature is available in all AWS Regions where AWS Secrets Manager is available. To learn more about using customer managed KMS keys with AWS Secrets Manager, visit the AWS Secrets Manager documentation.

If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.