SEC 6. How are you managing keys and credentials?
Keys and credentials are secrets that should be protected, and an appropriate rotation policy should be defined and used. The best practice is to avoid hard-coding these secrets into management scripts and applications, although this often happens in practice.
Best practices:
• Appropriate key and credential rotation policy is being used.
• Use AWS CloudHSM.
• AWS server-side techniques are used with AWS managed keys (e.g., Amazon S3 SSE, Amazon EBS encrypted volumes, etc.).
• AWS Marketplace solutions (e.g., SafeNet, TrendMicro, etc.).