Skip to main content

Secrets & Encryption keys

Secrets

Sandbox Studio creates 4 secrets in AWS Secrets Manager:

Secret name
Description
/SandboxStudio/Sandbox/Auth/IdpCert
IAM Identity Center Certificate of the Sandbox Studio SAML 2.0 custom app
/SandboxStudio/Sandbox/Auth/JwtSecret
The secret for JWT used by Sandbox Studio
/SandboxStudio/Sandbox/RDS/Credentials
Credentials for RDS PostgreSQL instance for SandboxStudio
/SandboxStudio/Sandbox/SMTP/Credentials
SMTP Credentials for Sandbox Studio (Only use if Sandbox Studio is configured to send notifications using SMTP)
Encryption keys

Sandbox Studio creates the following KMS keys:

Aliases
Key type
Key spec
Key usage
-
Symmetric
SYMMETRIC_DEFAULT
Encrypt and decrypt
SandboxStudio/Sandbox/Sandbox-SandboxStudio-Data
Symmetric
SYMMETRIC_DEFAULT
Encrypt and decrypt
-
Symmetric
SYMMETRIC_DEFAULT
Encrypt and decrypt
SandboxStudio/Sandbox/Sandbox-SandboxStudio-Compute
Symmetric
SYMMETRIC_DEFAULT
Encrypt and decrypt
SandboxStudio/Sandbox/Sandbox-SandboxStudio-API
Symmetric
SYMMETRIC_DEFAULT
Encrypt and decrypt

Sandbox Studio S3 Buckets use Amazon-Managed server-side encryption.

Back to top