AWS Secrets Manager names are suffixed!

Secrets Manager in AWS is a great little service for stashing credentials and other sensitive materials that an application you develop might want to use. Classic examples are database passwords. There is a gotcha that you need to be careful about when using it though.

When you create a secret, you have to give it a name. Secrets Manager then creates an ARN using this name and adds a suffix consisting of a hyphen plus six random characters. That means if your name also ends with a hyphen and six characters, you are going to break searching for secrets by name. Secrets Manager will think your name is actually the complete ARN. You would think this problem wouldn’t come up that frequently but there are a lot of common six letter terms that people like to use as suffixes. For example:

  • -config
  • -secret
  • -passwd

As a best practice, just don’t use hyphens in secret names.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: