{"slug":"iam-aws-secretsmanager","cloud":"aws","service":"secretsmanager","title":"AWS Secrets Manager (IAM)","description":"AWS Secrets Manager is a service for securely storing, rotating, and managing access to secrets such as database credentials, API keys, and other sensitive information.","category":"security","common_permissions":["secretsmanager:ListSecrets","secretsmanager:DescribeSecret","secretsmanager:GetSecretValue","secretsmanager:CreateSecret","secretsmanager:PutSecretValue","secretsmanager:TagResource","secretsmanager:GetRandomPassword","secretsmanager:GetResourcePolicy"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"secretsmanager:ListSecrets\",\n        \"secretsmanager:DescribeSecret\",\n        \"secretsmanager:GetSecretValue\",\n        \"secretsmanager:CreateSecret\",\n        \"secretsmanager:PutSecretValue\",\n        \"secretsmanager:TagResource\",\n        \"secretsmanager:GetRandomPassword\",\n        \"secretsmanager:GetResourcePolicy\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid secretsmanager:* — grants full control including secret deletion and value retrieval","Avoid secretsmanager:GetSecretValue unless needed — exposes plaintext secret values; where it is needed, scope Resource to specific secret ARNs instead of \"*\" (the least_privilege_example policy uses \"*\" for every action, but only list-style actions such as ListSecrets and GetRandomPassword require it)"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/secretsmanager/secretsmanager.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:48:55.212Z","updated_at":"2026-06-14T04:48:55.212Z"}