aws-secrets-rotationlisted

# AWS Secrets Rotation Automate rotation of secrets, credentials, and API keys using AWS Secrets Manager and Lambda. ## When to Use Use this skill when you need to implement automated secrets rotation, manage credentials securely, or comply with security policies requiring regular key rotation. ## Supported Secret Types **AWS Services** - RDS database credentials - DocumentDB credentials - Redshift credentials - ElastiCache credentials **Third-Party Services** - API keys - OAuth tokens - SSH keys - Custom credentials ## Secrets Manager Setup ### Create a Secret ```bash # Create RDS secret aws secretsmanager create-secret \ --name prod/db/mysql \ --description "Production MySQL credentials" \ --secret-string '{ "username": "admin", "password": "CHANGE_ME", "engine": "mysql", "host": "mydb.cluster-abc.us-east-1.rds.amazonaws.com", "port": 3306, "dbname": "myapp" }' # Create API key secret aws secretsmanager create-secret \ --name prod/api/stripe \ --secret-string '{ "api_key": "sk_live_xxxxx", "webhook_secret": "whsec_xxxxx" }' # Create secret from file aws secretsmanager create-secret \ --name prod/ssh/private-key \ --secret-binary fileb://~/.ssh/id_rsa ``` ### Retrieve Secrets ```bash # Get secret value aws secretsmanager get-secret-value \ --secret-id prod/db/mysql \ --query 'SecretString' --output text # Get specific field aws secretsmanager get-secret-value \ --secret-id prod/db/mysql \ --query 'Secret