gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-08 03:10:49 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

Browse Source
This commit is contained in:
Translator
2024-12-31 20:29:08 +00:00
parent 2753c75e8b
commit 396dbafaf2
245 changed files with 9878 additions and 12609 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/pentesting-cloud/aws-security/aws-services/aws-secrets-manager-enum.md
View File

@@ -4,22 +4,21 @@
## AWS Secrets Manager
AWS Secrets Manager is designed to **eliminate the use of hard-coded secrets in applications by replacing them with an API call**. This service serves as a **centralized repository for all your secrets**, ensuring they are managed uniformly across all applications.
AWS Secrets Manager is ontwerp om **die gebruik van hard-gecodeerde geheime in toepassings te elimineer deur dit met 'n API-oproep te vervang**. Hierdie diens dien as 'n **gecentraliseerde berging vir al jou geheime**, wat verseker dat dit uniform bestuur word oor alle toepassings.
The manager simplifies the **process of rotating secrets**, significantly improving the security posture of sensitive data like database credentials. Additionally, secrets like API keys can be automatically rotated with the integration of lambda functions.
Die bestuurder vereenvoudig die **proses om geheime te roteer**, wat die sekuriteitsposisie van sensitiewe data soos databasisakkrediteer verbeter. Daarbenewens kan geheime soos API-sleutels outomaties geroteer word met die integrasie van lambda-funksies.
The access to secrets is tightly controlled through detailed IAM identity-based policies and resource-based policies.
Die toegang tot geheime word noukeurig beheer deur middel van gedetailleerde IAM identiteit-gebaseerde beleide en hulpbron-gebaseerde beleide.
For granting access to secrets to a user from a different AWS account, it's necessary to:
Om toegang tot geheime aan 'n gebruiker van 'n ander AWS-rekening te verleen, is dit nodig om:
1. Authorize the user to access the secret.
2. Grant permission to the user to decrypt the secret using KMS.
3. Modify the Key policy to allow the external user to utilize it.
1. Die gebruiker te magtig om toegang tot die geheim te verkry.
2. Toestemming aan die gebruiker te verleen om die geheim met KMS te ontsleutel.
3. Die Sleutelbeleid te wysig om die eksterne gebruiker toe te laat om dit te gebruik.
**AWS Secrets Manager integrates with AWS KMS to encrypt your secrets within AWS Secrets Manager.**
**AWS Secrets Manager integreer met AWS KMS om jou geheime binne AWS Secrets Manager te enkripteer.**
### **Enumeration**
```bash
aws secretsmanager list-secrets #Get metadata of all secrets
aws secretsmanager list-secret-version-ids --secret-id <secret_name> # Get versions
@@ -28,7 +27,6 @@ aws secretsmanager get-secret-value --secret-id <secret_name> # Get value
aws secretsmanager get-secret-value --secret-id <secret_name> --version-id <version-id> # Get value of a different version
aws secretsmanager get-resource-policy --secret-id --secret-id <secret_name>
```
### Privesc
{{#ref}}
@@ -41,14 +39,10 @@ aws secretsmanager get-resource-policy --secret-id --secret-id <secret_name>
../aws-post-exploitation/aws-secrets-manager-post-exploitation.md
{{#endref}}
### Persistence
### Persistensie
{{#ref}}
../aws-persistence/aws-secrets-manager-persistence.md
{{#endref}}
{{#include ../../../banners/hacktricks-training.md}}