Reference your own AWS Secrets Manager secrets in Amazon Bedrock AgentCore Identity

· Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure, Cybersecurity & Data Privacy · Depth: Intermediate, medium

Summary

Amazon Bedrock AgentCore Identity has introduced a new capability allowing users to reference existing AWS Secrets Manager secrets for managing credentials. Previously, AgentCore Identity automatically created and managed secrets, which restricted customer control over aspects like custom tags, rotation policies, and customer-managed AWS Key Management Service (AWS KMS) key encryption. This update enables organizations to provide their own preconfigured secrets, thereby extending existing secrets governance processes to AgentCore. Users gain full control over encryption configuration, rotation, replication, tags, and resource policies. The feature supports referencing secrets from other AWS accounts within the same AWS Region and integrates with third-party secret managers via AWS Secrets Manager external connectors. Example use cases include leveraging existing team secrets, implementing custom rotation, scoping access, enforcing customer-managed encryption, and applying resource tags. Configuration can be done via the AWS Management Console, AWS CLI, or an AI agent.

Key takeaway

For AI Architects and MLOps Engineers building production-ready agentic systems on Amazon Bedrock, this update significantly enhances credential management. You can now integrate your AI agents with existing secrets governance frameworks by referencing preconfigured AWS Secrets Manager secrets. This ensures compliance with organizational security policies, enables custom rotation, and allows for granular access control and customer-managed encryption. Utilize this feature to streamline security audits and maintain consistent secret management practices across your AWS environment.

Key insights

Amazon Bedrock AgentCore Identity now allows referencing existing AWS Secrets Manager secrets for enhanced credential governance.

Method

Provide the AWS Secrets Manager secret ARN and JSON key when creating AgentCore Identity credential provider resources via console, CLI, or AI agent.
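The summary above describes the governance controls a customer-owned secret brings (customer-managed KMS encryption, tags, a resource policy scoping access, same-Region cross-account references, and a JSON key naming the credential field). The following is an added example, not code from the AWS announcement or from AIssential, showing how a team would prepare such a secret before handing its ARN and JSON key to AgentCore Identity. The secret name, KMS key, tags, account IDs, and execution role ARN are constructed placeholders; the assumption that AgentCore reads the secret with `secretsmanager:GetSecretValue` is mine, and the boto3 client is replaced by an offline stand-in so the script runs without AWS credentials.

```python
"""Prepare a customer-governed AWS Secrets Manager secret for an AgentCore
Identity credential provider (added example; all names are placeholders)."""
import json
import re

# Secrets Manager ARN layout: arn:partition:secretsmanager:region:account:secret:name-suffix
SECRET_ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):secretsmanager:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12}):secret:(?P<name>.+)$"
)


def parse_secret_arn(arn: str) -> dict:
    """Split a Secrets Manager ARN into its parts; raise on anything malformed."""
    m = SECRET_ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not a Secrets Manager secret ARN: {arn}")
    return m.groupdict()


def check_referenceable(secret_arn: str, agentcore_region: str) -> dict:
    """A secret may live in another account but must be in the same Region as
    AgentCore (per the announcement). Return the parsed ARN, or raise."""
    parts = parse_secret_arn(secret_arn)
    if parts["region"] != agentcore_region:
        raise ValueError(
            f"secret is in {parts['region']} but AgentCore runs in "
            f"{agentcore_region}; cross-Region references are not supported"
        )
    return parts


def build_resource_policy(agent_role_arn: str) -> str:
    """Resource policy that limits read access to the agent's execution role.
    Assumption: AgentCore fetches the credential via GetSecretValue. For a
    cross-account secret the KMS key policy must also allow that role."""
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowAgentCoreExecutionRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": agent_role_arn},
            "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
            "Resource": "*",
        }],
    }
    return json.dumps(policy)


def extract_credential(secret_string: str, json_key: str) -> str:
    """AgentCore is given a JSON key naming the field that holds the credential;
    this mirrors that lookup so a team can verify the key before configuring it."""
    data = json.loads(secret_string)
    if json_key not in data:
        raise KeyError(f"secret has no field {json_key!r}; fields: {sorted(data)}")
    return data[json_key]


def create_governed_secret(client, name, secret_string, kms_key_id, tags, agent_role_arn):
    """Create the secret under a customer-managed KMS key with tags, then attach
    the scoped resource policy. `client` is a boto3 secretsmanager client (or the
    offline fake below); create_secret / put_resource_policy are the real boto3 calls."""
    created = client.create_secret(
        Name=name,
        SecretString=secret_string,
        KmsKeyId=kms_key_id,
        Tags=[{"Key": k, "Value": v} for k, v in tags.items()],
    )
    client.put_resource_policy(
        SecretId=created["ARN"],
        ResourcePolicy=build_resource_policy(agent_role_arn),
        BlockPublicPolicy=True,
    )
    return created["ARN"]


class _FakeSecretsManager:
    """Offline stand-in for boto3's secretsmanager client (constructed for this example)."""

    def __init__(self, account="111122223333", region="us-east-1"):
        self.account, self.region, self.calls = account, region, []

    def create_secret(self, **kw):
        self.calls.append(("create_secret", kw))
        return {"ARN": f"arn:aws:secretsmanager:{self.region}:{self.account}:secret:{kw['Name']}-AbCdEf"}

    def put_resource_policy(self, **kw):
        self.calls.append(("put_resource_policy", kw))
        return {"ARN": kw["SecretId"]}


if __name__ == "__main__":
    fake = _FakeSecretsManager()
    value = json.dumps({"api_key": "constructed-placeholder-value"})
    arn = create_governed_secret(
        fake, "agentcore/example-api-key", value,
        "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
        {"team": "agents", "owner": "platform"},
        "arn:aws:iam::444455556666:role/AgentCoreExecutionRole",
    )
    parts = check_referenceable(arn, "us-east-1")
    print("secret", arn, "owned by account", parts["account"])
    print("credential field resolves:", extract_credential(value, "api_key") != "")
```

Run the same flow with `boto3.client("secretsmanager")` in place of the fake to create the real secret; the ARN it returns and the JSON key you validated with `extract_credential` are what the Method line above says to supply to the AgentCore Identity credential provider. Rotation is left to Secrets Manager's own `rotate_secret` configuration, which the team already owns.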

Best for: AI Engineer, MLOps Engineer, AI Architect

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.