AWS DataSync expands support for AWS Secrets Manager across all location types

AWS DataSync now supports AWS Secrets Manager for credential management across all location types, offering centralized and secure handling of data transfer credentials.

AWS DataSync has expanded its integration with AWS Secrets Manager to include credential management for all location types, such as Hadoop Distributed File System (HDFS), Amazon FSx for Windows File Server, and Amazon FSx for NetApp ONTAP. Previously, this integration was restricted to a limited range of location types, and credentials otherwise had to be provided directly through the DataSync API or console.

With this enhancement, users can now centralize credential management for all DataSync locations within Secrets Manager, ensuring a unified and consistent method for handling data transfers. Additionally, users have the option to encrypt credentials using their own AWS KMS key rather than the default AWS-owned key, thus aligning with their organization’s security and governance policies. All secrets are securely stored within the user’s account, enabling credential updates as required, independently of the DataSync service.

DataSync offers two methods for managing credentials. Users can either provide the Amazon Resource Name (ARN) of a secret that holds credentials they manage in Secrets Manager, which gives them full control over rotation, auditing, and access policies, or allow DataSync to automatically create and manage secrets on their behalf.

This new capability is accessible in most AWS regions where AWS DataSync is available. For a comprehensive list of supported regions, users can refer to the AWS Capabilities tool in the Builder Center. To begin utilizing this feature, users are encouraged to visit the AWS DataSync console. Further details can be found in the AWS DataSync documentation under the section on managing credentials with AWS Secrets Manager.