AWS Secrets Manager introduces safe secrets handling in the Agent Toolkit for AWS

AWS Secrets Manager Secret Safety Skill
AWS Secrets Manager now offers a secret safety skill as part of the aws-core plugin in the Agent Toolkit for AWS, an open-source repository that equips AI coding agents with tools, knowledge, and guardrails for building on AWS. This skill allows developers to use secrets within agentic workflows without exposing secret values to the underlying model or session logs.
Until now, developers using AI coding agents could retrieve secrets as plain text without any guardrails, potentially bringing sensitive values into agent context. With this new skill, agents can securely retrieve and consume secrets without passing secret values through the context window, adding a layer of protection.
The skill uses a two-layer approach:
- It steers the agent so the model never requests or receives a raw secret value—instead prompting the developer to clarify intent and constructing a command that uses the secret rather than retrieving it.
- A child process resolves secret references to actual values only at execution time, outside the agent process.
Together, these layers ensure plaintext secrets never appear in model context, session logs, or agent memory—without disrupting the developer's workflow.
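The second layer can be pictured with a small launcher, added here as an illustration and not taken from the Agent Toolkit for AWS or its documentation: the caller passes only references, and a child process swaps them for values immediately before exec'ing the command. The `secretref:` syntax, the name `run_with_refs`, and the stub store inside the child (a stand-in for a Secrets Manager lookup) are assumptions made for this example.

```python
import os
import subprocess
import sys

# Code run in the child process. STUB_STORE stands in for a Secrets Manager
# lookup and holds a constructed value so the example runs offline; the
# "secretref:" reference syntax is hypothetical, chosen for this example.
CHILD_SOURCE = r'''
import os, sys
STUB_STORE = {"prod/db/password": "constructed-example-value"}
PREFIX = "secretref:"
for key, val in list(os.environ.items()):
    if val.startswith(PREFIX):
        name = val[len(PREFIX):]
        if name not in STUB_STORE:
            sys.exit(f"unresolved secret reference in {key}")  # fail closed
        os.environ[key] = STUB_STORE[name]
os.execvp(sys.argv[1], sys.argv[1:])  # replace the resolver with the command
'''

# Sample command that consumes the secret without printing it.
DIGEST_CMD = [
    sys.executable, "-c",
    "import os, hashlib; "
    "print(hashlib.sha256(os.environ['DB_PASSWORD'].encode()).hexdigest())",
]


def run_with_refs(command, env_refs):
    """Caller side: hands over references only, gets back exit code and output."""
    env = {**os.environ, **env_refs}  # values here are references, not secrets
    proc = subprocess.run(
        [sys.executable, "-c", CHILD_SOURCE, *command],
        env=env, capture_output=True, text=True, check=False,
    )
    return proc.returncode, proc.stdout.strip(), proc.stderr.strip()


if __name__ == "__main__":
    print(run_with_refs(DIGEST_CMD, {"DB_PASSWORD": "secretref:prod/db/password"}))
    print(run_with_refs(DIGEST_CMD, {"DB_PASSWORD": "secretref:missing/name"}))
```

The command's own output still returns to the caller, so the separation holds only while the command consumes the secret rather than printing it.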
What to do
- Visit the Agent Toolkit for AWS repository on GitHub and install the aws-core plugin for your preferred coding agent.
- Refer to the documentation for details.
Source: AWS release notes



