AWS Secrets Manager

Question

Is it possible to disable the **'show password'** checkbox in AWS Secrets Manager so that secret passwords can't be inadvertently unmasked while they're being created?

Can the same thing be done for **retrieve secret value** in the management console? In my opinion being able to see the secret in plain text on-screen by default poses a risk when online. If making the actual values visible where only possible through a verification process, that would be ideal. Maybe this can be done with a security key or two-factor authentication passcode to confirm that secrets should be visible in those ways, otherwise I'd like them to be masked always?

I was thinking of these points because of hackers and trojans.

Answer

Hello.

I also tried checking from the management console, but it didn't seem possible at the moment.  
Therefore, it may be a good idea to send feedback on the UI from "Feedback" at the bottom left of the management console screen.  
![a](/media/postImages/original/IMpuZw__bNSEy37CrnBrRiDg)  
![b](/media/postImages/original/IMSs2rQa95TQaF8uOTo1jaWA)

CloudFormation has a parameter called "NoEcho", so it may be a good idea to use this to create a Secrets Manager.  
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html  
```
Parameters:
  MyPassword:
    Type: String
    NoEcho: true
```

AWS Secrets Manager

相關內容