Secrets Manager custodian (AWS)

Custodian model: deny.sh holds zero copies of your vault master secret. Instead we point at an AWS Secrets Manager secret you own, fetch it on demand via IAM AssumeRole, use it in memory, and never persist it. Security and platform teams keep custody inside AWS and can revoke access at any moment by editing the role trust policy.

Loading…