# AWS Secrets Manager secrets managed by other AWS services
Many AWS services store and use secrets in AWS Secrets Manager. In some cases, these secrets are *managed secrets*, which means that the service that created them helps manage them. For example, some managed secrets include [managed rotation](rotate-secrets_managed.md), so you don't have to configure rotation yourself. The managing service might also restrict you from updating secrets or deleting them without a recovery period, which helps prevent outages because the managing service depends on the secret.
**Note**
Managed secrets can only be created by the AWS service that manages them.
Managed secrets use a naming convention that includes the managing service ID to help identify them.
```
Secret name: ServiceID!MySecret
Secret ARN : arn:aws:us-east-1:ServiceID!MySecret-a1b2c3
```
**IDs for services that manage secrets**
+ `appflow` – [How Amazon AppFlow uses AWS Secrets Manager](integrating_how-services-use-secrets_appflow.md)
+ `databrew` – [How AWS Glue DataBrew uses AWS Secrets Manager](integrating_how-services-use-secrets_databrew.md)
+ `datasync` – [How AWS DataSync uses AWS Secrets Manager](integrating_how-services-use-secrets_datasync.md)
+ `directconnect` – [How AWS Direct Connect uses AWS Secrets Manager](integrating_how-services-use-secrets_directconnect.md)
+ `ecs-sc` – [Amazon Elastic Container Service](integrating_how-services-use-secrets_ecs-sc.md)
+ `events` – [How Amazon EventBridge uses AWS Secrets Manager](integrating_how-services-use-secrets_events.md)
+ `marketplace-deployment` – [AWS Marketplace](integrating_how-services-use-secrets_marketplace-deployment.md)
+ `opsworks-cm` – [How AWS OpsWorks for Chef Automate uses AWS Secrets Manager](integrating_how-services-use-secrets_opsworks-cm.md)
+ `pcs` – [How AWS Parallel Computing Service uses AWS Secrets Manager](integrating_how-services-use-secrets_pcs.md)
+ `rds` – [How Amazon RDS uses AWS Secrets Manager](integrating_how-services-use-secrets_RDS.md)
+ `redshift` – [How Amazon Redshift uses AWS Secrets Manager](integrating_how-services-use-secrets_RS.md)
+ `sqlworkbench` – [Amazon Redshift query editor v2](integrating_how-services-use-secrets_sqlworkbench.md)
To find secrets that are managed by other AWS services, see [Find managed secrets](manage_search-secret.md).
# AWS services that use AWS Secrets Manager secrets
**Topics**
+ [App Runner](integrating_how-services-use-secrets_ARlong.md)
+ [AWS App2Container](integrating_how-services-use-secrets_App2Container.md)
+ [AWS AppConfig](integrating_how-services-use-secrets_APPC.md)
+ [Amazon AppFlow](integrating_how-services-use-secrets_appflow.md)
+ [AWS AppSync](integrating_how-services-use-secrets_APSYlong.md)
+ [Amazon Athena](integrating_how-services-use-secrets_ATElong.md)
+ [Amazon Aurora](integrating-AUR.md)
+ [AWS CodeBuild](integrating-codebuild.md)
+ [Amazon Data Firehose](integrating_how-services-use-secrets_AKF.md)
+ [AWS DataSync](integrating_how-services-use-secrets_datasync.md)
+ [Amazon DataZone](integrating_how-services-use-secrets_datazone.md)
+ [Direct Connect](integrating_how-services-use-secrets_directconnect.md)
+ [AWS Directory Service](integrating_how-services-use-secrets_Dir.md)
+ [Amazon DocumentDB](integrating_how-services-use-secrets_DocDBlong.md)
+ [AWS Elastic Beanstalk](integrating_AEB.md)
+ [Amazon Elastic Container Registry](integrating_ECR.md)
+ [Amazon Elastic Container Service](integrating_how-services-use-secrets_ecs-sc.md)
+ [Amazon ElastiCache](integrating_ELC.md)
+ [AWS Elemental Live](integrating_ELVlong.md)
+ [AWS Elemental MediaConnect](integrating_how-services-use-secrets_EMXlong.md)
+ [AWS Elemental MediaConvert](integrating_how-services-use-secrets_EMClong.md)
+ [AWS Elemental MediaLive](integrating_EML.md)
+ [AWS Elemental MediaPackage](integrating_how-services-use-secrets_EMPlong.md)
+ [AWS Elemental MediaTailor](integrating_how-services-use-secrets_MediaTailor.md)
+ [Amazon EMR](integrating-emr.md)
+ [Amazon EventBridge](integrating_how-services-use-secrets_events.md)
+ [Amazon FSx](integrating_FSx.md)
+ [AWS Glue DataBrew](integrating_how-services-use-secrets_databrew.md)
+ [AWS Glue Studio](integrating_how-services-use-secrets_glue.md)
+ [AWS IoT SiteWise](integrating_how-services-use-secrets_iotsitewise.md)
+ [Amazon Kendra](integrating_how-services-use-secrets_KEN.md)
+ [Amazon Kinesis Video Streams](integrating_how-services-use-secrets_AKVS.md)
+ [AWS Launch Wizard](integrating_how-services-use-secrets_Launch.md)
+ [Amazon Lookout for Metrics](integrating_how-services-use-secrets_LFMlong.md)
+ [Amazon Managed Grafana](integrating_how-services-use-secrets_GRAlong.md)
+ [AWS Managed Services](integrating_how-services-use-secrets_AMSlong.md)
+ [Amazon Managed Streaming for Apache Kafka](integrating_how-services-use-secrets_MSKlong.md)
+ [Amazon Managed Workflows for Apache Airflow](integrating_how-services-use-secrets_mwaa.md)
+ [AWS Marketplace](integrating_how-services-use-secrets_marketplace-deployment.md)
+ [AWS Migration Hub](integrating_how-services-use-secrets_migration-hub.md)
+ [AWS Panorama](integrating_how-services-use-secrets_PAN.md)
+ [AWS Parallel Computing Service](integrating_how-services-use-secrets_pcs.md)
+ [AWS ParallelCluster](integrating_how-services-use-secrets_parallelcluster.md)
+ [Amazon Q](integrating-amazonq.md)
+ [Amazon OpenSearch Ingestion](integrating-opensearch.md)
+ [AWS OpsWorks for Chef Automate](integrating_how-services-use-secrets_opsworks-cm.md)
+ [Amazon Quick](integrating_how-services-use-secrets_QS.md)
+ [Amazon RDS](integrating_how-services-use-secrets_RDS.md)
+ [Amazon Redshift](integrating_how-services-use-secrets_RS.md)
+ [Amazon Redshift query editor v2](integrating_how-services-use-secrets_sqlworkbench.md)
+ [Amazon SageMaker AI](integrating-sagemaker.md)
+ [AWS SCT](integrating_AWSSCT.md)
+ [Amazon Timestream for InfluxDB](integrationg_how-services-use-secrets_TIME.md)
+ [AWS Toolkit for JetBrains](integrating_how-services-use-secrets_JBIDE.md)
+ [AWS Transfer Family](integrating_FTPlong.md)
+ [AWS Wickr](integrating_Wickr.md)
# How AWS App Runner uses AWS Secrets Manager
AWS App Runner is an AWS service that provides a fast, simple, and cost-effective way to deploy from source code or a container image directly to a scalable and secure web application in the AWS Cloud. You don't need to learn new technologies, decide which compute service to use, or know how to provision and configure AWS resources.
With App Runner, you can reference secrets and configurations as environment variables in your service when you create a service or update the service's configuration. For more information, see [Referencing environment variables](https://docs.aws.amazon.com/apprunner/latest/dg/env-variable.html) and [Managing environment variables](https://docs.aws.amazon.com/apprunner/latest/dg/env-variable-manage.html) in the *AWS App Runner Developer Guide*.
# How AWS App2Container uses AWS Secrets Manager
AWS App2Container is a command line tool to help you lift and shift applications that run in your on-premises data centers or on virtual machines, so that they run in containers that are managed by Amazon ECS, Amazon EKS, or AWS App Runner.
App2Container uses Secrets Manager to manage the credentials for connecting your worker machine to application servers in order to run remote commands. For more information, see [Manage secrets for AWS App2Container](https://docs.aws.amazon.com/app2container/latest/UserGuide/manage-secrets.html) in the *AWS App2Container User Guide*.
# How AWS AppConfig uses AWS Secrets Manager
AWS AppConfig is a capability of AWS Systems Manager that you can use to create, manage, and quickly deploy application configurations. A configuration can contain credential data or other sensitive information stored in Secrets Manager. When you create a freeform configuration profile, you can choose Secrets Manager as the source of your configuration data. For more information, see [Creating a freeform configuration profile](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-and-profile.html#appconfig-creating-configuration-and-profile-free-form-configurations) in the *AWS AppConfig User Guide*. For information about how AWS AppConfig handles secrets that have automatic rotation turned on, see [Secrets Manager key rotation](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-security.html#appconfig-security-secrets-manager-key-rotation) in the *AWS AppConfig User Guide*.
# How Amazon AppFlow uses AWS Secrets Manager
Amazon AppFlow is a fully-managed integration service that enables you to securely exchange data between software as a service (SaaS) applications, such as Salesforce, and AWS services, such as Amazon Simple Storage Service (Amazon S3) and Amazon Redshift.
In Amazon AppFlow, when you configure an SaaS application as a source or destination, you create a connection. This includes information required for connecting to the SaaS applications, such as authentication tokens, user names, and passwords. Amazon AppFlow stores your connection data in a Secrets Manager [managed secret](service-linked-secrets.md) with the prefix `appflow`. The cost of storing the secret is included with the charge for Amazon AppFlow. For more information, see [Data protection in Amazon AppFlow](https://docs.aws.amazon.com/appflow/latest/userguide/data-protection.html#encryption-rest) in the *Amazon AppFlow User Guide*.
# How AWS AppSync uses AWS Secrets Manager
AWS AppSync provides a robust, scalable GraphQL interface for application developers to combine data from multiple sources, including Amazon DynamoDB, AWS Lambda, and HTTP APIs.
AWS AppSync uses the credentials in a Secrets Manager secret to connect to Amazon RDS and Aurora. For more information, see [Tutorial: Aurora Serverless](https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-rds-resolvers.html) in the *AWS AppSync Developer Guide*.
# How Amazon Athena uses AWS Secrets Manager
Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL.
Amazon Athena data source connectors can use the Athena Federated Query feature with Secrets Manager secrets to query data. For more information, see [Using Amazon Athena Federated Query](https://docs.aws.amazon.com/athena/latest/ug/connect-to-a-data-source.html) in the *Amazon Athena User Guide*.
# How Amazon Aurora uses AWS Secrets Manager
Amazon Aurora is a fully managed relational database engine that's compatible with MySQL and PostgreSQL.
To manage master user credentials for Aurora, Aurora can create a [managed secret](service-linked-secrets.md) for you. You are charged for that secret. Aurora also [manages rotation](rotate-secrets_managed.md) for these credentials. For more information, see [Password management with Amazon Aurora and AWS Secrets Manager](https://docs.aws.amazon.com//AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide*.
For other Aurora credentials, see [Create an AWS Secrets Manager secret](create_secret.md).
When you call the Amazon RDS Data API, you can pass credentials for the database by using a secret in Secrets Manager. For more information, see [Using the Data API for Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) in the *Amazon Aurora User Guide*.
When you use the Amazon RDS query editor to connect to a database, you can store credentials for the database in Secrets Manager. For more information, see [Using the query editor](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/query-editor.html) in the *Amazon RDS User Guide*.
# How AWS CodeBuild uses AWS Secrets Manager
AWS CodeBuild is a fully managed build service in the cloud. CodeBuild compiles your source code, runs unit tests, and produces artifacts ready to deploy.
You can store your private registry credentials using Secrets Manager. For more information, see [Private registry with AWS Secrets Manager sample for CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-private-registry.html) in the *AWS CodeBuild User Guide*.
# How Amazon Data Firehose uses AWS Secrets Manager
You can use Amazon Data Firehose to deliver real-time streaming data to various streaming destinations. When the destination requires a credentials or key, Firehose retrieves a secret from Secrets Manager at runtime to connect to the destination. For more information, see [Authenticate with AWS Secrets Manager in Amazon Data Firehose](https://docs.aws.amazon.com/firehose/latest/dev/using-secrets-manager.html) in the *Amazon Data Firehose Developer Guide*.
# How AWS DataSync uses AWS Secrets Manager
AWS DataSync is an online data transfer service that simplifies, automates, and accelerates moving data between storage systems and services.
Some of the storage systems supported by DataSync require credentials to read and write data. DataSync uses Secrets Manager to store or access storage credentials. You can configure DataSync to create secrets on your behalf or you can provide a custom secret. Service-managed secrets begin with the prefix `aws-datasync`. You are charged only for the use of secrets that you create outside of DataSync. See [Providing credentials for storage locations](https://docs.aws.amazon.com/datasync/latest/userguide/location-credentials.html) in the *AWS DataSync User Guide*.
# How Amazon DataZone uses AWS Secrets Manager
Amazon DataZone is a data management service that enables you to catalog, discover, govern, share, and analyze your data. You can use data assets from tables and views from an Amazon Redshift cluster that is crawled using an AWS Glue crawler job. To connect to Amazon Redshift, you provide Amazon DataZone credentials in a Secrets Manager secret. For more information, see [Create a data source for an Amazon Redshift database using a new AWS Glue connection](https://docs.aws.amazon.com/datazone/latest/userguide/create-redshift-data-source-new-glue-connection-username.html) in the *Amazon DataZone User Guide*.
# How AWS Direct Connect uses AWS Secrets Manager
Direct Connect links your internal network to an Direct Connect location over a standard Ethernet fiber-optic cable. With this connection, you can create virtual interfaces directly to public AWS services.
Direct Connect stores a connectivity association key name and connectivity association key pair (CKN/CAK pair) in a [managed secret](service-linked-secrets.md) with the prefix `directconnect`. The cost of the secret is included with the charge for Direct Connect. To update the secret, you must use Direct Connect rather than Secrets Manager. For more information, see [Associate a MACsec CKN/CAK with a LAG ](https://docs.aws.amazon.com/directconnect/latest/UserGuide/associate-key-lag.html) in the *Direct Connect User Guide*.
# How AWS Directory Service uses AWS Secrets Manager
Directory Service provides multiple ways to use Microsoft Active Directory (AD) with other AWS services. You can join an Amazon EC2 instance to your directory using secrets for credentials. For more information, in the *Direct Connect User Guide*, see:
+ [Seamlessly join a Linux EC2 instance to your AWS Managed Microsoft AD directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/seamlessly_join_linux_instance.html)
+ [Seamlessly join a Linux EC2 instance to your AD Connector directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_seamlessly_join_linux_instance.html)
+ [Seamlessly join a Linux EC2 instance to your Simple AD directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_seamlessly_join_linux_instance.html)
# How Amazon DocumentDB (with MongoDB compatibility) uses AWS Secrets Manager
Amazon DocumentDB (with MongoDB compatibility) is a fully managed document database service that supports MongoDB workloads. Amazon DocumentDB integrates with Secrets Manager to manage primary user passwords for your clusters, enhancing security and simplifying credential management.
Amazon DocumentDB generates the password, stores it in Secrets Manager, and manages the secret settings. By default, Amazon DocumentDB rotates the secret every seven days, but you can modify the rotation schedule if needed. When you create or modify an Amazon DocumentDB cluster, you can specify that it should manage the primary user password in Secrets Manager. For more information, see [Password management with Amazon DocumentDB and Secrets Manager](https://docs.aws.amazon.com/documentdb/latest/developerguide/docdb-secrets-manager.html) in the *Amazon DocumentDB Developer Guide*.
# How AWS Elastic Beanstalk uses AWS Secrets Manager
With AWS Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. Elastic Beanstalk can launch Docker environments by building an image described in a Dockerfile or pulling a remote Docker image. To authenticate with the online registry that hosts the private repository, Elastic Beanstalk uses a Secrets Manager secret. For more information, see [Docker configuration](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/single-container-docker-configuration.html) in the *AWS Elastic Beanstalk Developer Guide*.
# How Amazon Elastic Container Registry uses AWS Secrets Manager
Amazon Elastic Container Registry (Amazon ECR) is an AWS managed container image registry service that is secure, scalable, and reliable. You can use the Docker CLI, or your preferred client, to push and pull images to and from your repositories. For each upstream registry containing images you want to cache in your Amazon ECR private registry, you must create a pull through cache rule. For upstream registries that require authentication, you must store the credentials in an Secrets Manager secret. You can create the Secrets Manager secret in either the Amazon ECR or Secrets Manager consoles. For more information, see [Creating a pull through cache rule ](https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache-creating-rule.html) in the *Amazon ECR User Guide*.
# Amazon Elastic Container Service
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications. You can inject sensitive data into your containers by referencing Secrets Manager secrets. For more information, see the following pages in the *Amazon Elastic Container Service Developer Guide*:
+ [Tutorial: Specifying sensitive data using Secrets Manager secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-tutorial.html)
+ [Retrieve secrets programmatically through your application](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-app-secrets-manager.html)
+ [Retrieve secrets through environment variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html)
+ [Retrieve secrets for logging configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-logconfig.html)
Amazon ECS supports FSx for Windows File Server volumes for containers. Amazon ECS uses the credentials stored in a Secrets Manager secret to domain join the Active Directory and attach the FSx for Windows File Server file system. For more information, see [Tutorial: Using FSx for Windows File Server file systems with Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/tutorial-wfsx-volumes.html) and [FSx for Windows File Server volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html) in the *Amazon Elastic Container Service Developer Guide*.
You can reference container images in private registries outside of AWS that require authentication by using a Secrets Manager secret with the registry credentials. For more information, see [Private registry authentication for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html) in the *Amazon Elastic Container Service Developer Guide*.
When you use Amazon ECS Service Connect, Amazon ECS uses Secrets Manager [managed secrets](service-linked-secrets.md) to store AWS Private Certificate Authority TLS certificates. The cost of storing the secret is included with the charges for Amazon ECS. To update the secret, you must use Amazon ECS rather than Secrets Manager. For more information, see [TLS with Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect-tls.html) in the *Amazon Elastic Container Service Developer Guide*.
# How Amazon ElastiCache uses AWS Secrets Manager
In ElastiCache you can use a feature called Role-Based Access Control (RBAC) to secure the cluster. You can store these credentials in Secrets Manager. Secrets Manager provides a [rotation template](reference_available-rotation-templates.md#template-ELC) for this type of secret. For more information, see [Automatically rotating passwords for users](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/User-Secrets-Manager.html) in the *Amazon ElastiCache User Guide*.
# How AWS Elemental Live uses AWS Secrets Manager
AWS Elemental Live is a real-time video service that lets you create live outputs for broadcast and streaming delivery.
AWS Elemental Live uses a secret ARN to get a secret that contains an encryption key from Secrets Manager. Elemental Live uses the encryption key to encrypt/decrypt the video. For more information, see [How delivery from AWS Elemental Live to MediaConnect works at runtime](https://docs.aws.amazon.com/elemental-live/latest/ug/setting-up-live-as-contribution-encoder-for-mediaconnect-how-it-works-at-runtime.html) in the *Elemental Live User Guide*.
# How AWS Elemental MediaConnect uses AWS Secrets Manager
AWS Elemental MediaConnect is a service that makes it easy for broadcasters and other premium video providers to reliably ingest live video into the AWS Cloud and distribute it to multiple destinations inside or outside the AWS Cloud.
You can use static key encryption to protect your sources, outputs, and entitlements, and you store your encryption key in AWS Secrets Manager. For more information, see [Static key encryption in AWS Elemental MediaConnect](https://docs.aws.amazon.com/mediaconnect/latest/ug/encryption-static-key.html) in the *AWS Elemental MediaConnect User Guide*.
# How AWS Elemental MediaConvert uses AWS Secrets Manager
AWS Elemental MediaConvert is a file-based video processing service that provides scalable video processing for content owners and distributors with media libraries of any size. To use MediaConvert to encode Kantar watermarks, you use Secrets Manager to store your Kantar credentials. For more information, see [Using Kantar for audio watermarking in AWS Elemental MediaConvert outputs](https://docs.aws.amazon.com/mediaconvert/latest/ug/kantar-watermarking.html) in the *AWS Elemental MediaConvert User Guide*.
# How AWS Elemental MediaLive uses AWS Secrets Manager
AWS Elemental MediaLive is a real-time video service that lets you create live outputs for broadcast and streaming delivery. If your organization uses AWS Elemental Link devices with AWS Elemental MediaLive or AWS Elemental MediaConnect, you must deploy the device and configure the device. For more information, see [Setting up MediaLive as a trusted entity](https://docs.aws.amazon.com/medialive/latest/ug/device-iam-for-medialive.html) in the *MediaLive User Guide*.
# How AWS Elemental MediaPackage uses AWS Secrets Manager
AWS Elemental MediaPackage is a just-in-time video packaging and origination service that runs in the AWS Cloud. With MediaPackage, you can deliver highly secure, scalable, and reliable video streams to a wide variety of playback devices and content delivery networks (CDNs). For more information, see [Secrets Manager access for CDN authorization](https://docs.aws.amazon.com/mediapackage/latest/ug/setting-up-create-trust-rel-policy-cdn.html) in the *AWS Elemental MediaPackage User Guide*.
# How AWS Elemental MediaTailor uses AWS Secrets Manager
AWS Elemental MediaTailor is a scalable ad insertion and channel assembly service that runs in the AWS Cloud.
MediaTailor supports Secrets Manager access token authentication to your source locations. With Secrets Manager access token authentication, MediaTailor uses a Secrets Manager secret to authenticate requests to your origin. For more information, see [Configuring AWS Secrets Manager access token authentication](https://docs.aws.amazon.com/mediatailor/latest/ug/channel-assembly-access-configuration-access-configuring.html) in the *AWS Elemental MediaTailor User Guide*.
# How Amazon EMR uses Secrets Manager
Amazon EMR is a platform that simplifies running big data frameworks, such as Apache Hadoop and Apache Spark, on AWS to process and analyze vast amounts of data. When you use these frameworks and related open-source projects such as Apache Hive and Apache Pig, you can process data for analytics and business intelligence workloads. You can also use Amazon EMR to transform and move large amounts of data into and out of other AWS data stores and databases, such as Amazon S3 and Amazon DynamoDB.
## How Amazon EMR running on Amazon EC2 uses Secrets Manager
When you create a cluster in Amazon EMR, you can provide application configuration data to the cluster with a secret in Secrets Manager. For more information, see [Store sensitive configuration data in Secrets Manager](https://docs.aws.amazon.com/emr/latest/ReleaseGuide/storing-sensitive-data.html) in the *Amazon EMR Management Guide*.
In addition, when you create an EMR Notebook, you can store your private Git-based registry credentials using Secrets Manager. For more information, see [Add a Git-based Repository to Amazon EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-git-repo-add.html) in the *Amazon EMR Management Guide*.
## How EMR Serverless uses Secrets Manager
EMR Serverless provides a serverless runtime environment to simplify the operation of analytics applications so that you don’t have to configure, optimize, secure, or operate clusters.
You can store your data in AWS Secrets Manager and then use the secret ID in your EMR Serverless configurations. This way, you don't pass sensitive configuration data in plain text and expose it to external APIs.
For more information, see [Secrets Manager for data protection with EMR Serverless](https://docs.aws.amazon.com/emr/latest/EMR-Serverless-UserGuide/secrets-manager.html) in the *Amazon EMR Serverless User Guide*.
# How Amazon EventBridge uses AWS Secrets Manager
Amazon EventBridge is a serverless event bus service that you can use to connect your applications with data from a variety of sources.
When you create an Amazon EventBridge API destination, EventBridge stores the connection for it in a Secrets Manager [managed secret](service-linked-secrets.md) with the prefix `events`. The cost of storing the secret is included with the charge for using an API destination. To update the secret, you must use EventBridge rather than Secrets Manager. For more information, see [API destinations](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html) in the *Amazon EventBridge User Guide*.
# How Amazon FSx uses AWS Secrets Manager secrets
Amazon FSx for Windows File Server provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system. When you create or manage file shares, you can pass credentials from an AWS Secrets Manager secret. For more information, see [File shares](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-file-shares.html) and [Migrating file share configurations to Amazon FSx](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-file-share-config-to-fsx.html) in the *Amazon FSx for Windows File Server User Guide*.
# How AWS Glue DataBrew uses AWS Secrets Manager
AWS Glue DataBrew is a visual data preparation tool that you can use to clean and normalize data without writing any code. In DataBrew, a set of data transformation steps is called a recipe. AWS Glue DataBrew provides the [https://docs.aws.amazon.com/databrew/latest/dg/recipe-actions.DETERMINISTIC_DECRYPT.html](https://docs.aws.amazon.com/databrew/latest/dg/recipe-actions.DETERMINISTIC_DECRYPT.html), [https://docs.aws.amazon.com/databrew/latest/dg/recipe-actions.DETERMINISTIC_ENCRYPT.html](https://docs.aws.amazon.com/databrew/latest/dg/recipe-actions.DETERMINISTIC_ENCRYPT.html), and [https://docs.aws.amazon.com/databrew/latest/dg/recipe-actions.CRYPTOGRAPHIC_HASH.html](https://docs.aws.amazon.com/databrew/latest/dg/recipe-actions.CRYPTOGRAPHIC_HASH.html) recipe steps to perform transformations on personally identifiable information (PII) in a dataset, which use an encryption key stored in a Secrets Manager secret. If you use the DataBrew *default secret* to store the encryption key, DataBrew creates a [managed secret](service-linked-secrets.md) with the prefix `databrew`. The cost of storing the secret is included with the charge for using DataBrew. If you create a new secret to store the encryption key, DataBrew creates a secret with the prefix `AwsGlueDataBrew`. You are charged for that secret.
# How AWS Glue Studio uses AWS Secrets Manager
AWS Glue Studio is a graphical interface that makes it easy to create, run, and monitor extract, transform, and load (ETL) jobs in AWS Glue. You can use Amazon OpenSearch Service as a data store for your extract, transform, and load (ETL) jobs by configuring the Elasticsearch Spark Connector in AWS Glue Studio. To connect to the OpenSearch cluster, you can use a secret in Secrets Manager. For more information, see [Tutorial: Using the AWS Glue Connector for Elasticsearch](https://docs.aws.amazon.com/glue/latest/ug/tutorial-elastisearch-connector.html) in the *AWS Glue Developer Guide*.
# How AWS IoT SiteWise uses AWS Secrets Manager
AWS IoT SiteWise is a managed service that lets you collect, model, analyze, and visualize data from industrial equipment at scale. You can use the AWS IoT SiteWise console to create a gateway. Then add data sources, local servers or industrial equipment that are connected to gateways. If your source requires authentication, use a secret to authenticate. For more information, see [Configuring data source authentication](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/configure-source-authentication-ggv2.html) in the *AWS IoT SiteWise User Guide*.
# How Amazon Kendra uses AWS Secrets Manager
Amazon Kendra is a highly accurate and intelligent search service that enables your users to search unstructured and structured data using natural language processing and advanced search algorithms.
You can index documents stored in a database by specifying a secret that contains credentials for the database. For more information, see [Using a database data source](https://docs.aws.amazon.com/kendra/latest/dg/data-source-database.html) in the *Amazon Kendra User Guide*.
# How Amazon Kinesis Video Streams uses AWS Secrets Manager
You can use Amazon Kinesis Video Streams to connect to IP cameras on customer premises, locally record and store video from the cameras, and stream videos to the cloud for long-term storage, playback, and analytical processing. To record and upload media from IP cameras, you deploy the Kinesis Video Streams Edge Agent to AWS IoT Greengrass. You store the credentials required to access the media files that are streamed to the camera in an Secrets Manager secret. For more information, see [Deploy the Amazon Kinesis Video Streams Edge Agent to AWS IoT Greengrass](https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/gs-edge-gg.html) in the *Amazon Kinesis Video Streams Developer Guide*.
# How AWS Launch Wizard uses AWS Secrets Manager
AWS Launch Wizard for Active Directory is a service that applies AWS Cloud application best practices to guide you through setting up a new Active Directory infrastructure, or adding domain controllers to an existing infrastructure, either in the AWS Cloud or on premises.
AWS Launch Wizard requires domain administrator credentials to be added to Secrets Manager to join your domain controllers to Active Directory. For more information, see [Set up for AWS Launch Wizard for Active Directory](https://docs.aws.amazon.com/launchwizard/latest/userguide/launch-wizard-ad-setting-up.html) in the *AWS Launch Wizard User Guide*.
# How Amazon Lookout for Metrics uses AWS Secrets Manager
Amazon Lookout for Metrics is a service that finds anomalies in your data, determines their root causes, and enables you to quickly take action. You can use Amazon Redshift or Amazon RDS as a datasource for an Lookout for Metrics detector. To configure the datasource, you use a secret that contains the database password. For more information, see [Using Amazon RDS with Lookout for Metrics](https://docs.aws.amazon.com/lookoutmetrics/latest/dev/services-rds.html) and [Using Amazon Redshift with Lookout for Metrics](https://docs.aws.amazon.com/lookoutmetrics/latest/dev/services-redshift.html) in the *Amazon Lookout for Metrics Developer Guide*.
# How Amazon Managed Grafana uses AWS Secrets Manager
Amazon Managed Grafana is a fully managed and secure data visualization service that you can use to instantly query, correlate, and visualize operational metrics, logs, and traces from multiple sources. When you use Amazon Redshift as a data source, you can provide Amazon Redshift credentials by using an AWS Secrets Manager secret. For more information, see [Configuring Amazon Redshift](https://docs.aws.amazon.com/grafana/latest/userguide/Redshift-config.html) in the *Amazon Managed Grafana User Guide*.
# How AWS Managed Services uses AWS Secrets Manager
AWS Managed Services is an enterprise service that provides ongoing management of your AWS infrastructure. AMS Self-Service Provisioning (SSP) mode provides full access to native AWS service and API Capabilities in AMS managed accounts. For information about how to request access to Secrets Manager in AMS, see [AWS Secrets Manager (AMS self-service provisioning)](https://docs.aws.amazon.com/managedservices/latest/userguide/secrets-manager.html) in the *AMS Advanced User Guide*.
# How Amazon Managed Streaming for Apache Kafka uses AWS Secrets Manager
Amazon Managed Streaming for Apache Kafka (Amazon MSK) is a fully managed service that enables you to build and run applications that use Apache Kafka to process streaming data. You can control access to your Amazon MSK clusters using usernames and passwords that are stored and secured using AWS Secrets Manager. For more information, see [Username and password authentication with AWS Secrets Manager](https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html) in the *Amazon Managed Streaming for Apache Kafka Developer Guide*.
# How Amazon Managed Workflows for Apache Airflow uses AWS Secrets Manager
Amazon Managed Workflows for Apache Airflow is a managed orchestration service for [Apache Airflow](https://airflow.apache.org/) that makes it easier to setup and operate end-to-end data pipelines in the cloud at scale.
You can configure an Apache Airflow connection using a Secrets Manager secret. For more information, see [Configuring an Apache Airflow connection using a Secrets Manager secret](https://docs.aws.amazon.com/mwaa/latest/userguide/connections-secrets-manager.html) and [Using a secret key in AWS Secrets Manager for an Apache Airflow variable](https://docs.aws.amazon.com/mwaa/latest/userguide/samples-secrets-manager-var.html) in the *Amazon Managed Workflows for Apache Airflow User Guide*.
# AWS Marketplace
When you use AWS Marketplace Quick Launch, AWS Marketplace distributes your software along with the license key. AWS Marketplace stores the license key in your account as a Secrets Manager [managed secret](service-linked-secrets.md). The cost of storing the secret is included with the charges for AWS Marketplace. To update the secret, you must use AWS Marketplace rather than Secrets Manager. For more information, see [Configure Quick Launch](https://docs.aws.amazon.com/marketplace/latest/userguide/saas-product-settings.html#saas-quick-launch) in the *AWS Marketplace Seller Guide*.
# How AWS Migration Hub uses AWS Secrets Manager
AWS Migration Hub provides a single location to track migration tasks across multiple AWS tools and partner solutions.
AWS Migration Hub Orchestrator simplifies and automates the migration of servers and enterprise applications to AWS. Migration Hub Orchestrator uses a secret for the connection information to your source server. For more information, in the *AWS Migration Hub Orchestrator User Guide*, see:
+ [Migrate SAP NetWeaver applications to AWS](https://docs.aws.amazon.com/migrationhub-orchestrator/latest/userguide/migrate-sap.html)
+ [Rehost applications on Amazon EC2](https://docs.aws.amazon.com/migrationhub-orchestrator/latest/userguide/rehost-on-ec2.html)
Migration Hub Strategy Recommendations offers migration and modernization strategy recommendations for viable transformation paths for your applications. Strategy Recommendations can analyze SQL Server databases, using a secret for the connection information. For more information, see [Strategy Recommendations database analysis](https://docs.aws.amazon.com/migrationhub-strategy/latest/userguide/database-analysis.html).
# How AWS Panorama uses Secrets Manager
AWS Panorama is a service that brings computer vision to your on-premises camera network. You use AWS Panorama to register an appliance, update its software, and deploy applications to it. When you register a video stream as a data source for your application, if the stream is password protected, AWS Panorama stores the credentials for it in a Secrets Manager secret. For more information, see [Managing camera streams in AWS Panorama](https://docs.aws.amazon.com/panorama/latest/dev/appliance-cameras.html) in the *AWS Panorama Developer Guide*.
# How AWS Parallel Computing Service uses AWS Secrets Manager
AWS Parallel Computing Service (AWS PCS) is a managed service that makes it easier to run and scale high performance computing (HPC) and distributed machine learning workloads on AWS.
To connect to the cluster job scheduler, AWS PCS creates a [managed secret](service-linked-secrets.md) with the prefix `pcs` to store the scheduler key. The cost of storing the secret is included with the charge for AWS PCS. AWS PCS automatically deletes the secret when you delete your AWS PCS cluster. For more information, see [Working with cluster secrets in AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/working-with_clusters_secrets.html) in the *AWS PCS User Guide*.
**Important**
Don't modify or delete AWS PCS cluster secrets.
# How AWS ParallelCluster uses AWS Secrets Manager
AWS ParallelCluster is an open source cluster management tool that you can use to deploy and manage high performance computing (HPC) clusters in the AWS Cloud. You can create a multiple user environment that includes an AWS ParallelCluster that's integrated with an AWS Managed Microsoft AD (Active Directory). The AWS ParallelCluster uses a Secrets Manager secret for validating logins to Active Directory. For more information, see [Integrating Active Directory](https://docs.aws.amazon.com/parallelcluster/latest/ug/tutorials_05_multi-user-ad.html) in the *AWS ParallelCluster User Guide*.
# How Amazon Q uses Secrets Manager
To authenticate Amazon Q to access your data source, you provide your data source access credentials to Amazon Q using an Secrets Manager secret. If you use the console, you can choose to create a new secret or use an existing one. For more information, see [Concepts – Authentication](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/connector-concepts.html#connector-authentication) in the *Amazon Q Developer Guide*.
# How Amazon OpenSearch Ingestion uses Secrets Manager
Amazon OpenSearch Ingestion is a fully managed, serverless data collector that streams real-time logs, metrics, and trace data to Amazon OpenSearch Service domains and OpenSearch Serverless collections. You can use OpenSearch Ingestion pipelines with Secrets Manager to securely manage your credentials. For more information, see:
+ [Using an OpenSearch Ingestion pipeline with Atlassian Services](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configure-client-atlassian.html)
+ [Using an OpenSearch Ingestion pipeline with Amazon DocumentDB](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configure-client-docdb.html)
+ [Using an OpenSearch Ingestion pipeline with Confluent Cloud Kafka](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configure-client-confluent-kafka.html)
+ [Using an OpenSearch Ingestion pipeline with Kafka](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configure-client-self-managed-kafka.html)
+ [Migrating data from self-managed OpenSearch clusters using Amazon OpenSearch Ingestion](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configure-client-self-managed-opensearch.html)
# How AWS OpsWorks for Chef Automate uses AWS Secrets Manager
OpsWorks is a configuration management service that helps you configure and operate applications in a cloud enterprise by using OpsWorks for Puppet Enterprise or AWS OpsWorks for Chef Automate.
When you create a new server in AWS OpsWorks CM, OpsWorks CM stores information for the server in a Secrets Manager [managed secret](service-linked-secrets.md) with the prefix `opsworks-cm`. The cost of the secret is included in the charge for OpsWorks. For more information, see [Integration with AWS Secrets Manager](https://docs.aws.amazon.com/opsworks/latest/userguide/data-protection.html#data-protection-secrets-manager) in the *OpsWorks User Guide*.
# How Amazon Quick uses AWS Secrets Manager
Amazon Quick is a cloud-scale business intelligence (BI) service you can use for analytics, data visualization, and reporting. You can use a variety of data sources in Quick. If you store database credentials in Secrets Manager secrets, Quick can use those secrets to connect to the databases. For more information, see [Using AWS Secrets Manager secrets in place of database credentials in Amazon Quick](https://docs.aws.amazon.com/quicksight/latest/user/secrets-manager-integration.html) in the *Amazon Quick User Guide*.
# How Amazon RDS uses AWS Secrets Manager
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud.
To manage master user credentials for Amazon Relational Database Service (Amazon RDS), including Aurora, Amazon RDS can create a [managed secret](service-linked-secrets.md) for you. You are charged for that secret. Amazon RDS also [manages rotation](rotate-secrets_managed.md) for these credentials. For more information, see [Password management with Amazon RDS and AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide*.
For other Amazon RDS credentials, see [Create an AWS Secrets Manager secret](create_secret.md).
When you use the Amazon RDS query editor to connect to a database, you can store credentials for the database in Secrets Manager. For more information, see [Using the query editor](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/query-editor.html) in the *Amazon RDS User Guide*.
# How Amazon Redshift uses AWS Secrets Manager
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud.
To manage admin credentials for Amazon Redshift, Amazon Redshift can create a [managed secret](service-linked-secrets.md) for you. You are charged for that secret. Amazon Redshift also [manages rotation](rotate-secrets_managed.md) for these credentials. For more information, see [Managing Amazon Redshift admin passwords using AWS Secrets Manager](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html) in the *Amazon Redshift Management Guide*.
For other Amazon Redshift credentials, see [Create an AWS Secrets Manager secret](create_secret.md).
When you call the Amazon Redshift Data API, you can pass credentials for the cluster by using a secret in Secrets Manager. For more information, see [Using the Amazon Redshift Data API](https://docs.aws.amazon.com/redshift/latest/mgmt/data-api.html).
When you use the Amazon Redshift query editor to connect to a database, Amazon Redshift can store your credentials in a Secrets Manager secret with the prefix `redshiftqueryeditor`. You are charged for that secret. For more information, see [Querying a database using the query editor](https://docs.aws.amazon.com/redshift/latest/mgmt/query-editor.html) in the *Amazon Redshift Management Guide*.
For query editor v2, see [Amazon Redshift query editor v2](integrating_how-services-use-secrets_sqlworkbench.md).
# Amazon Redshift query editor v2
Amazon Redshift query editor v2 is a web-based SQL client application that you can use to author and run queries on your Amazon Redshift data warehouse. When you use the Amazon Redshift query editor v2 to connect to a database, Amazon Redshift can store your credentials in a Secrets Manager [managed secret](service-linked-secrets.md) with the prefix `sqlworkbench`. The cost of storing the secret is included with the charge for using Amazon Redshift. To update the secret, you must use Amazon Redshift rather than Secrets Manager. For more information, see [Working with query editor v2 ](https://docs.aws.amazon.com/redshift/latest/mgmt/query-editor-v2-using.html) in the *Amazon Redshift Management Guide*.
For the previous query editor, see [How Amazon Redshift uses AWS Secrets Manager](integrating_how-services-use-secrets_RS.md).
# How Amazon SageMaker AI uses AWS Secrets Manager
SageMaker AI is a fully managed machine learning service. With SageMaker AI, data scientists and developers can quickly and easily build and train machine learning models, and then directly deploy them into a production-ready hosted environment. It provides an integrated Jupyter authoring notebook instance for easy access to your data sources for exploration and analysis, so you don't have to manage servers.
You can associate Git repositories with your Jupyter notebook instances to save your notebooks in a source control environment that persists even if you stop or delete your notebook instance. You can manage your private repositories credentials using Secrets Manager. For more information, see [Associate Git Repositories with Amazon SageMaker Notebook Instances](https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html) in the *Amazon SageMaker AI Developer Guide*.
To import data from Databricks, Data Wrangler stores your JDBC URL in Secrets Manager. For more information, see [Import data from Databricks (JDBC)](https://docs.aws.amazon.com/sagemaker/latest/dg/data-wrangler-import.html#data-wrangler-databricks).
To import data from Snowflake, Data Wrangler stores your credentials in a Secrets Manager secret. For more information, see [Import data from Snowflake](https://docs.aws.amazon.com/sagemaker/latest/dg/data-wrangler-import.html#data-wrangler-snowflake).
# How AWS Schema Conversion Tool uses AWS Secrets Manager
You can use the AWS Schema Conversion Tool (AWS SCT) to convert your existing database schema from one database engine to another. You can convert relational OLTP schema, or data warehouse schema. Your converted schema is suitable for an Amazon Relational Database Service (Amazon RDS) MySQL, MariaDB, Oracle, SQL Server, PostgreSQL DB, an Amazon Aurora DB cluster, or an Amazon Redshift cluster. The converted schema can also be used with a database on an Amazon Elastic Compute Cloud instance or stored as data on an S3 bucket.
When you convert a database schema, AWS SCT can use database credentials that you store in AWS Secrets Manager. For more information, see [Using AWS Secrets Manager in the AWS SCT user interface](https://docs.aws.amazon.com/SchemaConversionTool/latest/userguide/CHAP_UserInterface.html#CHAP_UserInterface.SecretsManager) in the *AWS Schema Conversion Tool User Guide*.
# How Amazon Timestream for InfluxDB uses AWS Secrets Manager
Timestream for InfluxDB is a managed time-series database engine that makes it easy for you to run InfluxDB databases on AWS for real-time time-series applications using open-source APIs. With Timestream for InfluxDB, you can set up, operate, and scale time-series workloads that can answer queries with single-digit millisecond query response time.
When you create a Timestream for InfluxDB database, Timestream automatically creates a secret to store the admin credentials. For more information, see [How Timestream for InfluxDB uses secrets](https://docs.aws.amazon.com/timestream/latest/developerguide/timestream-for-influx-security-db-secrets.html) in the *Timestream Developer Guide*.
# How AWS Toolkit for JetBrains uses AWS Secrets Manager
The AWS Toolkit for JetBrains is an open source plugin for the integrated development environments (IDEs) from JetBrains. The toolkit makes it easier for developers to develop, debug, and deploy serverless applications that use AWS. When connecting to an Amazon Redshift cluster using the toolkit, you can authenticate using a Secrets Manager secret. For more information, see [Accessing Amazon Redshift clusters](https://docs.aws.amazon.com/toolkit-for-jetbrains/latest/userguide/redshift-access-prerequisities.html) in the *AWS Toolkit for JetBrains User Guide*.
# How AWS Transfer Family uses AWS Secrets Manager secrets
AWS Transfer Family is a secure transfer service that enables you to transfer files into and out of AWS storage services.
Transfer Family now supports using Basic authentication for servers that use the Applicability Statement 2 (AS2) protocol. You can create a new Secrets Manager secret or choose an existing secret for your credentials. For more information, see [Basic authentication for AS2 connectors](https://docs.aws.amazon.com/transfer/latest/userguide/as2-connectors-details.html#as2-basic-auth) in the *AWS Transfer Family User Guide*.
To authenticate Transfer Family users, you can use AWS Secrets Manager as an identity provider. For more information, see [Working with custom identity providers](https://docs.aws.amazon.com/transfer/latest/userguide/custom-identity-provider-users.html) in the *AWS Transfer Family User Guide* and the blog article [Enable password authentication for AWS Transfer Family using AWS Secrets Manager](https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-family-using-aws-secrets-manager-updated/).
You can use Pretty Good Privacy (PGP) decryption with the files that Transfer Family processes with workflows. To use decryption in a workflow step, you provide a PGP key that you manage in Secrets Manager. For more information, see [Generate and manage PGP keys](https://docs.aws.amazon.com/transfer/latest/userguide/key-management.html#pgp-key-management) in the *AWS Transfer Family User Guide*.
# How AWS Wickruses AWS Secrets Manager secrets
AWS Wickr is an end-to-end encrypted service that helps organizations and government agencies to communicate securely through one-to-one and group messaging, voice and video calling, file sharing, screen sharing, and more. You can automate workflows using Wickr data retention bots. If the bot will have access to AWS services, then you should create a Secrets Manager secret to store the bot credentials. For more information, see [Start the data retention bot](https://docs.aws.amazon.com/wickr/latest/adminguide/starting-data-retention-bot.html#data-retention-startup-asm) in the *AWS Wickr Administration Guide*.