Generally, any digital certificates for authentication that are created when you access an application or a service, such as passwords, tokens, certificates, SSH keys, API keys, or other confidential information, will be directly embedded into the application configuration file in plaintext, which is inherently insecure. With SSM, you can effectively avoid risks such as hardcoding sensitive data.
Management of credentials such as database credentials, API keys, and account passwords.
Hardcoding sensitive credential information and plaintext-based storage creates security risks.
You can replace hardcoded credentials (including passwords) in the code with calls to Secrets Manager API to dynamically retrieve credentials programmatically. This ensures that your keys will not be disclosed to people who can view your code, as the code will no longer store any sensitive information.