AWS Secrets Manager helps you protect the secrets needed to access your applications, services, and IT resources. The service lets you easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to the Secrets Manager APIs, which eliminates the need to hard-code sensitive information in plain text. Given the importance of a key stored in AWS Secrets Manager, you need to be prepared for failures, so it is crucial to keep a replica of it in another region. That is what this exercise teaches: replicating the secret key to more than one region.
This exercise walks you step by step through replicating your secret key (Secret) in AWS Secrets Manager from one source region to another within AWS.
Required knowledge:
By the end of this exercise, you will be able to:
Estimated Duration: 20 minutes
Approximate Cost: 1 USD
In this exercise, the following steps will be performed:
NOTE: In this exercise, the key is replicated from the primary region, Virginia, to the secondary region, Ohio; however, the same procedure can be performed with other regions.
Locate the Secret you created under AWS Secrets Manager > Secrets
Click the Secret you want to replicate to another region
On the selected Secret's tab, click Replicate secret to other regions
On the Add replica regions tab, configure the replication details. In the AWS Region field, select the Ohio region
Click Complete adding region(s)
You can add more than one region for replication by clicking **Add more regions**
Done! You have just replicated your Secret to another AWS region.
Select the region to which the Secret was replicated (Ohio)
Find the replicated Secret under AWS Secrets Manager > Secrets
The replicated Secret is associated with the primary Secret. To make it independent, click Promote to standalone secret
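The same procedure through the API, as an added example that is not part of the original exercise: it adds the replica, checks that each replica reports `InSync`, and promotes a replica to standalone. It assumes a boto3 Secrets Manager client; the secret name `example/db-credentials`, the region codes `us-east-1` (Virginia) and `us-east-2` (Ohio), and the sample response are constructed for illustration.

```python
"""Replicate a Secrets Manager secret and check replica health (added example)."""

def replication_report(described, expected_regions):
    """Map each expected region to a problem string; an empty dict means all InSync."""
    by_region = {r["Region"]: r for r in described.get("ReplicationStatus", [])}
    problems = {}
    for region in expected_regions:
        entry = by_region.get(region)
        if entry is None:
            problems[region] = "no replica configured"
        elif entry.get("Status") != "InSync":
            msg = entry.get("StatusMessage")
            problems[region] = entry.get("Status", "unknown") + (f": {msg}" if msg else "")
    return problems

def replicate(client, secret_id, regions):
    """Add replicas only where none exists, then report on all requested regions."""
    described = client.describe_secret(SecretId=secret_id)
    existing = {r["Region"] for r in described.get("ReplicationStatus", [])}
    missing = [r for r in regions if r not in existing]
    if missing:
        client.replicate_secret_to_regions(
            SecretId=secret_id,
            AddReplicaRegions=[{"Region": r} for r in missing],
            # Never silently replace a same-named secret already in the target region.
            ForceOverwriteReplicaSecret=False,
        )
    # A fresh replica reports InProgress first; call again until the report is empty.
    return replication_report(client.describe_secret(SecretId=secret_id), regions)

def promote_to_standalone(replica_region_client, secret_id):
    """API counterpart of 'Promote to standalone secret'; client must target the replica region."""
    return replica_region_client.stop_replication_to_replica(SecretId=secret_id)

# Constructed describe_secret response (sample data, not real output).
SAMPLE = {
    "Name": "example/db-credentials",
    "PrimaryRegion": "us-east-1",
    "ReplicationStatus": [
        {"Region": "us-east-2", "KmsKeyId": "alias/aws/secretsmanager", "Status": "InSync"},
        {"Region": "us-west-2", "KmsKeyId": "alias/aws/secretsmanager",
         "Status": "Failed", "StatusMessage": "constructed failure message"},
    ],
}

if __name__ == "__main__":
    print(replication_report(SAMPLE, ["us-east-2", "us-west-2"]))
    # Against a real account (assumed names):
    #   import boto3
    #   primary = boto3.client("secretsmanager", region_name="us-east-1")
    #   print(replicate(primary, "example/db-credentials", ["us-east-2"]))
```

Each replica is encrypted with a KMS key in its own region, so the `KmsKeyId` in the report is worth reviewing alongside the status.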
In this exercise, you learned how to replicate secret keys (Secrets) to another region using the AWS Secrets Manager service. If an incident occurs, you can use the replicated secret keys to access your resources from another AWS region.
Source: AWS Secrets Manager