AWS Config Rule: Secrets Manager Secret Unused

SECRETSMANAGER_SECRET_UNUSED

Fernando Honig

Last Update 8 months ago

Description: Checks if AWS Secrets Manager secrets have been accessed within a specified number of days. The rule is NON_COMPLIANT if a secret has not been accessed in ‘unusedForDays’ number of days. The default value is 90 days.


Trigger type: Periodic


AWS Region: All supported AWS regions except Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West) Region


How to Resolve Manually

To resolve manually, you can simply delete any secret that this rule reports as NON_COMPLIANT. There should be little reason to continue to store a secret if it has not been accessed or used within the last 90 days.


You can see an overview of when your secrets were last used in the Secrets Manager Dashboard as pictured below.


To delete a secret, click into the particular secret you wish to delete, open the "Actions" drop-down box at the top and choose Delete Secret.
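The same check can be scripted before touching the console. The example below is added here and is not StackZone's or AWS's own code: it applies the rule's documented test (NON_COMPLIANT when the last access is older than unusedForDays, default 90) to the records that boto3's list_secrets() returns, and builds the parameters for a delete_secret() call that keeps a recovery window rather than deleting without recovery. Two points are assumptions of this example, not documented behaviour of the managed rule: a secret that has never been read is measured from its CreatedDate, and a secret idle for exactly unusedForDays is still counted as compliant. The sample secrets and the fixed "now" are constructed so the evaluation runs offline.

```python
"""Evaluate Secrets Manager secrets the way SECRETSMANAGER_SECRET_UNUSED does,
then prepare a deletion that can still be undone with restore_secret().

Added example; not StackZone's or AWS's code. How the managed rule treats a
secret that has never been accessed is an assumption here (measured from
CreatedDate), as is treating exactly unusedForDays of idleness as compliant.
"""
from datetime import datetime, timedelta, timezone

DEFAULT_UNUSED_FOR_DAYS = 90  # the rule's default value for unusedForDays


def evaluate_secret(secret, now, unused_for_days=DEFAULT_UNUSED_FOR_DAYS):
    """Return (compliance, days_idle) for one list_secrets() entry.

    `secret` has the shape of an item in boto3's list_secrets() SecretList:
    Name, ARN, CreatedDate and, once the secret has been read at least once,
    LastAccessedDate (Secrets Manager records it at day granularity)."""
    # Assumption: a never-read secret is judged from its creation date.
    reference = secret.get("LastAccessedDate") or secret["CreatedDate"]
    days_idle = (now - reference).days
    status = "NON_COMPLIANT" if days_idle > unused_for_days else "COMPLIANT"
    return status, days_idle


def find_unused_secrets(secrets, now, unused_for_days=DEFAULT_UNUSED_FOR_DAYS):
    """Names of the secrets the rule would flag, most idle first."""
    flagged = []
    for secret in secrets:
        status, days_idle = evaluate_secret(secret, now, unused_for_days)
        if status == "NON_COMPLIANT":
            flagged.append((days_idle, secret["Name"]))
    return [name for _, name in sorted(flagged, reverse=True)]


def deletion_request(secret_name, recovery_window_days=30):
    """Keyword arguments for secretsmanager.delete_secret().

    A recovery window (7 to 30 days, the API's allowed range) is used instead of
    ForceDeleteWithoutRecovery, so a wrongly flagged secret (for example a
    break-glass credential that is legitimately read less than once per quarter)
    can be brought back with restore_secret() before it is gone."""
    if not 7 <= recovery_window_days <= 30:
        raise ValueError("RecoveryWindowInDays must be between 7 and 30")
    return {"SecretId": secret_name, "RecoveryWindowInDays": recovery_window_days}


def list_secrets_from_aws():
    """Fetch every secret in the current region with boto3.

    The import is deferred so the evaluation functions above run without
    boto3 or AWS credentials being present."""
    import boto3
    client = boto3.client("secretsmanager")
    secrets = []
    for page in client.get_paginator("list_secrets").paginate():
        secrets.extend(page["SecretList"])
    return secrets


# Constructed sample data standing in for list_secrets() output.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "CreatedDate": NOW - timedelta(days=400),
     "LastAccessedDate": NOW - timedelta(days=2)},      # read two days ago
    {"Name": "legacy/api-key", "CreatedDate": NOW - timedelta(days=400),
     "LastAccessedDate": NOW - timedelta(days=120)},    # idle for 120 days
    {"Name": "never-read/token", "CreatedDate": NOW - timedelta(days=95)},  # never read
    {"Name": "new/never-read", "CreatedDate": NOW - timedelta(days=3)},     # new, never read
]

if __name__ == "__main__":
    # Dry run: print what would be deleted and with what recovery window.
    for name in find_unused_secrets(SAMPLE_SECRETS, NOW):
        print(name, deletion_request(name))
```

To run it against a real account, replace SAMPLE_SECRETS with list_secrets_from_aws() and datetime.now(timezone.utc) for NOW; the rule's unusedForDays value can be passed through to find_unused_secrets so the script and the Config rule agree on the threshold.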

