Our Blog

AWS Secrets Manager now supports hybrid post-quantum TLS to protect secrets from quantum threats

Published
April 14, 2026
https://aws.amazon.com/about-aws/whats-new/2026/04/aws-secrets-manager-post-quantum-tls/

AWS Secrets Manager Hybrid Post-Quantum Key Exchange Support

AWS Secrets Manager now supports hybrid post-quantum key exchange using ML-KEM to secure TLS connections for retrieving and managing secrets. This feature is automatically enabled in Secrets Manager Agent (version 2.0.0+), AWS Lambda Extension (version 19+), and Secrets Manager CSI Driver (version 2.0.0+). For SDK-based clients, it is available in supported AWS SDKs including Rust, Go, Node.js, Kotlin, Python (with OpenSSL 3.5+), and Java v2 (v2.35.11+).

This update helps protect against both traditional cryptographic attacks and future quantum computing threats. No code changes, configuration updates, or migration effort are required for customers using the latest client versions except for Java v2. You can verify hybrid post-quantum key exchange is active by checking CloudTrail logs for the "X25519MLKEM768" key exchange algorithm in the tlsDetails field of GetSecretValue API calls.

What to do

  • Upgrade to the latest Secrets Manager Agent version to enable hybrid post-quantum key exchange.
  • Verify the key exchange algorithm in CloudTrail logs.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2025/12/amazon-s3-vectors-generally-available

Amazon S3 Vectors is now generally available with 40 times the scale of preview

Amazon S3 Vectors, the first cloud object storage with native support to store and query vectors, is now generally available
Read more
https://aws.amazon.com/about-aws/whats-new/2026/02/aws-batch-provides-job-queue-share-utilization

AWS Batch now provides Job Queue and Share Utilization Visibility

AWS Batch now provides Queue and Share Utilization Visibility, giving you insights into how your workloads are distributed across compute resources
Read more
https://aws.amazon.com/about-aws/whats-new/2025/10/aws-outposts-2u-server-govcloud-regions

AWS Outposts 2U server is now available in the AWS GovCloud (US) Regions

AWS Outposts 2U server is now supported in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions
Read more
View all