Manage AWS secret stores

This topic describes the secret store details that appear in the UI, and explains how to edit or delete a secret store.

Secret store details

Secrets Hub's Targets page displays the secret stores in your tenant.

The Targets list displays the defined targets and the sync policies associated with each target.

You can view additional details about a target by clicking More options and selecting View details.

These details include the secret store's ID in Secrets Hub and the AWS account ID. These are useful if you want to view the audit records of a specific target by its ID, or if you want to list all the secret stores that belong to a specific AWS account.

Edit secret store

If your secret store details become out of sync, for example if the Secrets Hub IAM role was changed in the AWS Secrets Manager account and no longer matches what is registered in Secrets Hub, you can edit the secret store details.

To edit a secret store
  1. In Secrets Hub, click Targets, select the required target from the list, and then, from the actions menu, click Edit.

  2. You can edit the following properties:

     • AWS account alias. The secret store name is updated accordingly.

     • Secrets Hub IAM role


  3. We recommend that you test the connection between Secrets Hub and your AWS Secrets Manager target after you make changes.

  4. Click Done.

Delete secret store

You can delete a secret store if it does not have linked sync policies. If it does, disable the sync policies and then delete them before deleting the secret store.

The secrets that Secrets Hub synced to the deleted target are not removed from AWS Secrets Manager.

We recommend that you delete the secrets from AWS Secrets Manager after developers and workloads stop working with these secrets to avoid breaking production processes.

In addition:

  • Secrets Hub tags are not removed.

  • Secrets Hub won't sync secrets to this target again unless new sync policies are created for it.

  • If secrets are marked for deletion in AWS Secrets Manager, they can no longer be updated unless their deletion is canceled manually.
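Before deleting a target, it helps to know which secrets in the AWS account still carry the Secrets Hub tag and which of those are already scheduled for deletion, since a sync cannot update a secret pending deletion until the deletion is canceled. The following Python is an added example, not part of this documentation or of CyberArk's tooling; it assumes boto3 for the live lookup and uses a placeholder tag key, because the page does not name the tag that Secrets Hub applies.

```python
"""Audit Secrets Hub-tagged secrets in AWS Secrets Manager before removing a target."""
from datetime import datetime, timezone

# Assumption: the page says Secrets Hub tags remain on synced secrets but does not
# name the tag key, so this is a placeholder to replace with the real key.
SECRETS_HUB_TAG_KEY = "SECRETS_HUB_TAG_KEY_PLACEHOLDER"

# Constructed sample shaped like the SecretList entries that
# list_secrets(IncludePlannedDeletion=True) returns; not real data.
SAMPLE_SECRETS = [
    {"Name": "app/db-password", "Tags": [{"Key": SECRETS_HUB_TAG_KEY, "Value": "true"}]},
    {"Name": "app/api-key", "Tags": [{"Key": SECRETS_HUB_TAG_KEY, "Value": "true"}],
     "DeletedDate": datetime(2024, 5, 1, tzinfo=timezone.utc)},  # scheduled for deletion
    {"Name": "other/local-secret", "Tags": []},  # not managed by Secrets Hub
]


def has_tag(secret, key):
    """True if the secret carries a tag with the given key."""
    return any(tag.get("Key") == key for tag in secret.get("Tags", []))


def classify(secrets, tag_key=SECRETS_HUB_TAG_KEY):
    """Split Secrets Hub-tagged secrets into active ones and ones pending deletion.

    A secret with DeletedDate set is scheduled for deletion; a sync policy cannot
    update it until the deletion is canceled (restore_secret in the AWS API).
    """
    active, pending = [], []
    for secret in secrets:
        if not has_tag(secret, tag_key):
            continue  # untagged secrets are out of scope for the Secrets Hub target
        (pending if "DeletedDate" in secret else active).append(secret["Name"])
    return {"active": sorted(active), "pending_deletion": sorted(pending)}


def fetch_secrets(tag_key=SECRETS_HUB_TAG_KEY, region_name=None):
    """Live lookup: page through Secrets Manager, including secrets scheduled for deletion."""
    import boto3  # imported here so classify() works without boto3 installed

    client = boto3.client("secretsmanager", region_name=region_name)
    paginator = client.get_paginator("list_secrets")
    found = []
    for page in paginator.paginate(IncludePlannedDeletion=True,
                                   Filters=[{"Key": "tag-key", "Values": [tag_key]}]):
        found.extend(page["SecretList"])
    return found


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in fetch_secrets() for a live run.
    for state, names in classify(SAMPLE_SECRETS).items():
        print(f"{state}: {names}")
```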