Secrets & Encryption keys
Secrets
Sandbox Studio creates 4 secrets in AWS Secrets Manager:
|
Secret name
|
Description
|
Rotated?
|
|---|---|---|
|
/SandboxStudio/Sandbox/Auth/IdpCert
|
IAM Identity Center Certificate of the Sandbox Studio SAML 2.0 custom app
|
No
|
|
/SandboxStudio/Sandbox/Auth/JwtSecret
|
The secret for JWT used by Sandbox Studio
|
Automatically, every 30 days
|
|
/SandboxStudio/Sandbox/RDS/Credentials
|
Credentials for RDS PostgreSQL instance for SandboxStudio
|
Not automatically - Planned for next Sandbox Studio releases
|
|
/SandboxStudio/Sandbox/SMTP/Credentials
|
SMTP Credentials for Sandbox Studio (Only use if Sandbox Studio is configured to send notifications using SMTP)
|
No
|
Sandbox Studio uses JWT Token for authentication mechanism. As part of the solution, and to ensure higher standards of security, the JWT Secret is rotated every 30 days.
Encryption keys
Sandbox Studio creates the following KMS keys:
|
Aliases
|
Key type
|
Key spec
|
Key usage
|
|---|---|---|---|
|
-
|
Symmetric
|
SYMMETRIC_DEFAULT
|
Encrypt and decrypt
|
|
SandboxStudio/Sandbox/Sandbox-SandboxStudio-Data
|
Symmetric
|
SYMMETRIC_DEFAULT
|
Encrypt and decrypt
|
|
-
|
Symmetric
|
SYMMETRIC_DEFAULT
|
Encrypt and decrypt
|
|
SandboxStudio/Sandbox/Sandbox-SandboxStudio-Compute
|
Symmetric
|
SYMMETRIC_DEFAULT
|
Encrypt and decrypt
|
|
SandboxStudio/Sandbox/Sandbox-SandboxStudio-API
|
Symmetric
|
SYMMETRIC_DEFAULT
|
Encrypt and decrypt
|
Sandbox Studio S3 Buckets use Amazon-Managed server-side encryption.
No comments to display
No comments to display