# Secrets Manager

## Configuring AWS Secrets Manager

1. Create a new secret via `AWS > AWS Secrets Manager > Secrets > Store a new secret`

<figure><img src="/files/tqBZqRSSFGOu4WQtpMSb" alt=""><figcaption></figcaption></figure>

2. Create and store the secret that the lab will use

<figure><img src="/files/rVQ305Ym9nA6lIZEbfzh" alt=""><figcaption></figcaption></figure>

## Building the client source code

1. Download Composer

{% embed url="https://getcomposer.org/download/" %}

2. In the web server's document root, create the Composer configuration and install the AWS SDK

```bash
composer require aws/aws-sdk-php
```

3. Create the source code that talks to Secrets Manager and configure the connection details

```php
<?php
require 'vendor/autoload.php';  // load the AWS SDK

use Aws\SecretsManager\SecretsManagerClient;
use Aws\Sts\StsClient;
use Aws\Exception\AwsException;

// AWS settings. The key pair below is a lab placeholder: outside the lab, drop the
// 'credentials' array so the SDK resolves an IAM role instead of a static key in source.
$awsKey = 'AccessKey';
$awsSecret = 'SecretKey';
$region = 'ap-northeast-2';
$secretName = 'cred/database/mysql'; // name of the secret stored in Secrets Manager

// Escape a value before embedding it in the HTML response
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Initialise the Secrets Manager client
$client = new SecretsManagerClient([
    'version'     => 'latest',
    'region'      => $region,
    'credentials' => [
        'key'    => $awsKey,
        'secret' => $awsSecret,
    ]
]);

// STS client (only used to show which identity is making the calls)
$stsClient = new StsClient([
    'version'     => 'latest',
    'region'      => $region,
    'credentials' => [
        'key'    => $awsKey,
        'secret' => $awsSecret,
    ]
]);

try {
    // 1. Fetch the caller identity
    $identity = $stsClient->getCallerIdentity();
    $accountId = $identity['Account'];
    $arn = $identity['Arn'];
    $userId = $identity['UserId'];

    // 2. Fetch the secret from Secrets Manager
    $result = $client->getSecretValue([
        'SecretId' => $secretName
    ]);

    // Parse the result (a key/value secret is stored as a JSON string)
    $secretData = [];
    if (isset($result['SecretString'])) {
        $decoded = json_decode($result['SecretString'], true);
        $secretData = is_array($decoded) ? $decoded : [];
    }

    // 3. Output
    echo "<h2>🔹 AWS 계정 정보</h2>";
    echo "<table border='1' cellpadding='5' cellspacing='0'>";
    echo "<tr><th>항목</th><th>값</th></tr>";
    echo "<tr><td>Account ID</td><td>" . h($accountId) . "</td></tr>";
    echo "<tr><td>ARN</td><td>" . h($arn) . "</td></tr>";
    echo "<tr><td>User ID</td><td>" . h($userId) . "</td></tr>";
    echo "<tr><td>Region</td><td>" . h($region) . "</td></tr>";
    echo "</table><br>";

    echo "<h2>🔹 Secrets Manager 메타데이터</h2>";
    echo "<table border='1' cellpadding='5' cellspacing='0'>";
    echo "<tr><td>Secret Name</td><td>" . h($secretName) . "</td></tr>";
    echo "<tr><td>Version ID</td><td>" . h($result['VersionId']) . "</td></tr>";
    echo "<tr><td>ARN</td><td>" . h($result['ARN']) . "</td></tr>";
    echo "<tr><td>Created Date</td><td>" . h($result['CreatedDate']) . "</td></tr>";
    echo "</table><br>";

    echo "<h2>🔹 시크릿 키/값</h2>";
    if (!empty($secretData)) {
        echo "<table border='1' cellpadding='5' cellspacing='0'>";
        echo "<tr><th>Key</th><th>Value</th></tr>";
        foreach ($secretData as $key => $value) {
            echo "<tr><td>" . h($key) . "</td><td>" . h($value) . "</td></tr>";
        }
        echo "</table><br>";
    } else {
        echo "<p>시크릿 값이 존재하지 않습니다.</p>";
    }

    // Highlight the password value separately (lab display only)
    if (isset($secretData['password'])) {
        echo "<h3>🔑 현재 비밀번호:</h3>";
        echo "<pre style='color:green; font-weight:bold; font-size:16px;'>" . h($secretData['password']) . "</pre>";
    }

} catch (AwsException $e) {
    echo "<h3 style='color:red;'>AWS Secrets Manager 호출 실패</h3>";
    echo "<pre>" . h($e->getMessage()) . "</pre>";
}
```

4. Verify that the connection is established

<figure><img src="/files/FVeaN6MeAhPCLwKRvqYv" alt=""><figcaption></figcaption></figure>
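The lab script above embeds a static access key in the source and echoes the secret into the page. As an added example that is not part of the original page, the hardened variant below reads the same secret but lets the SDK resolve credentials from its default provider chain (an IAM role), validates the JSON, and hands the value straight to PDO instead of printing it. The field names `host`, `port`, `dbname`, `username` and `password` are assumed, since the lab secret's contents are not shown.

```php
<?php
// Added example, not the page's own code: hardened variant of the lab script.
// Assumes the host has an IAM role (instance profile / task role) allowed to call
// secretsmanager:GetSecretValue on this secret, and that the secret JSON carries the
// fields host, port, dbname, username, password (assumed; the lab secret is not shown).
require 'vendor/autoload.php';

use Aws\SecretsManager\SecretsManagerClient;
use Aws\Exception\AwsException;

// Fetch the secret and validate its shape before anything uses it
function loadDbSecret(SecretsManagerClient $client, string $secretId): array
{
    $result = $client->getSecretValue(['SecretId' => $secretId]);
    if (!isset($result['SecretString'])) {
        throw new RuntimeException("Secret {$secretId} has no SecretString");
    }
    $data = json_decode($result['SecretString'], true, 512, JSON_THROW_ON_ERROR);
    foreach (['host', 'dbname', 'username', 'password'] as $field) {
        if (!is_array($data) || !isset($data[$field]) || $data[$field] === '') {
            throw new RuntimeException("Secret {$secretId} is missing field '{$field}'");
        }
    }
    return $data;
}

// Hand the credentials straight to PDO; nothing is echoed to the browser
function connectWithSecret(array $secret): PDO
{
    $dsn = sprintf('mysql:host=%s;port=%d;dbname=%s;charset=utf8mb4',
        $secret['host'], $secret['port'] ?? 3306, $secret['dbname']);
    return new PDO($dsn, $secret['username'], $secret['password'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
}

// No 'credentials' key: the SDK resolves them from the environment, the shared
// config file or the instance/task role, so no access key lives in the source tree.
$client = new SecretsManagerClient(['version' => 'latest', 'region' => 'ap-northeast-2']);

try {
    $pdo = connectWithSecret(loadDbSecret($client, 'cred/database/mysql'));
    $version = $pdo->query('SELECT VERSION()')->fetchColumn();
    echo '<p>Connected to MySQL ' . htmlspecialchars($version, ENT_QUOTES, 'UTF-8') . '</p>';
} catch (AwsException | PDOException | JsonException | RuntimeException $e) {
    // Log the detail server-side; the browser gets only a generic failure
    error_log('DB credential setup failed: ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo '<p>Database configuration unavailable.</p>';
}
```

The IAM policy attached to the role should grant `secretsmanager:GetSecretValue` on this one secret's ARN only, so the web server cannot read other secrets in the account.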
