Skip to content

Greengrass component that manages sensitive data stored with Greengrass. It supports secrets stored in AWS Secrets Manager and provides APIs for components to fetch secrets locally.

License

Notifications You must be signed in to change notification settings

aws-greengrass/aws-greengrass-secret-manager

Secret Manager

Secret Manager is a Greengrass component that manages sensitive data stored with Greengrass. It supports secrets stored in AWS Secrets Manager and provides APIs for components to fetch secrets locally. It also provides backward compatible v1 secret APIs for lambda components. The secret manager component is optional and runs in the same JVM as the Greengrass Nucleus.

FAQ

  1. How are secrets stored on the Greengrass device?

    Secrets are stored encrypted using the IoT Thing key associated with the Nucleus.

  2. When are secrets synchronized from the cloud?

    Secrets are fetched only with deployments (cloud/local) to the Nucleus. Since secrets are changes less frequently in cloud, optimizing for intelligent fetching when device could be offline for longer period of time does not have much benefit. Instead, deployment offers the best window, where device needs to have some connectivity to sync with cloud.

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

About

Greengrass component that manages sensitive data stored with Greengrass. It supports secrets stored in AWS Secrets Manager and provides APIs for components to fetch secrets locally.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Languages