Publication number: US11849037B1
Publication date: 2023-12-19
Application number: US17301341
Filing date: 2021-03-31
Applicant: Amazon Technologies, Inc.
Inventor: William Tong, Joseph Baro, Parimal Shirish Deshmukh, Kylan Joseph Kempster, Yan Wu, Graeme David Baer, Steven K. Emelander, Divya Sridhar
IPC: H04L9/08, H04L67/1095, G06F9/54, H04L9/40, G06F3/0482
CPC classification number: H04L9/0891, G06F3/0482, G06F9/541, H04L9/0861, H04L63/0428, H04L67/1095
Abstract: This disclosure describes techniques for managing the replication of a secret across different regions. A secrets management system (SMS) may be used to manage replication of secrets across different regions of the cloud that are in different geographic locations. Different input mechanisms, such as an API, a UI, or a CLI, may be utilized to manage the replication of secrets. In some examples, upon detection of a replication message, the SMS reads the message, identifies the secret, and performs an action involving the secret. For instance, a secret identified within the replication message is accessed from the current region, and the secret is re-encrypted using a customer specified KMS key using customer credentials. The secret is then packaged into a secret replication message. An SRS in the replicated region reads this new secret replication message, accesses the secret that was replicated, and saves the secret in the replicated region.