
Reference your own AWS Secrets Manager secrets in Amazon Bedrock AgentCore Identity
Quick Answer
AWS now allows referencing AWS Secrets Manager secrets in AgentCore Identity, enabling organizations to manage their secrets governance processes seamlessly.
Quick Take
AWS now allows referencing AWS Secrets Manager secrets in AgentCore Identity, enabling organizations to manage their secrets governance processes seamlessly. Users can utilize preconfigured secrets, maintain control over encryption, rotation, and policies, and even access secrets from other AWS accounts within the same region.
Key Points
- Integrate AWS Secrets Manager secrets directly into AgentCore Identity.
- Maintain full control over encryption, rotation, and resource policies.
- Access secrets from other AWS accounts in the same region.
- Supports third-party secret managers via AWS Secrets Manager connectors.
- Enhances existing secrets governance processes for organizations.
Article Excerpt
From source RSS / original summaryToday, we’re excited to announce the ability to reference a secret in AWS Secrets Manager for AgentCore Identity, so you can reference your own preconfigured secret from Secrets Manager and retain full control over how it is managed. With this ability, you can extend your organization’s existing secrets governance processes to AgentCore. You can provide an existing, preconfigured AWS Secrets Manager secret to use with your credential provider resources.
You retain full control over its encryption configuration, rotation, replication, tags, and resource policies, just as you would manage other secrets in Secrets Manager. You can also choose a secret from another AWS account within the same AWS Region, though cross-Region secret sharing isn’t supported. This also supports secrets brought in through AWS Secrets Manager external connectors, enabling integration with third-party secret managers.
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from AWS Machine Learning
See more →
Implement on-behalf-of token exchange for multi-tenant agents with Amazon Bedrock AgentCore Gateway
Amazon Bedrock AgentCore Gateway introduces on-behalf-of (OBO) token exchange for multi-tenant AI agents, addressing identity issues when calling downstream APIs. This implementation guide demonstrates how to maintain user identity and enforce least privilege while scaling across tenants using OAuth 2.0 Token Exchange (RFC 8693).

