Discover secrets from AWS Secrets Manager. Populates the secrets inventory with names, ARNs, rotation status, and rotation schedule. Secret values are never read.
Source connector — pulls identity and access data from AWS Secrets Manager into ComplianceScout where it is scored against your compliance frameworks and violation rules.
After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.
These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.
| Field | Type | Required | Notes |
|---|---|---|---|
| AWS region | Text | Required | e.g. us-east-1, eu-west-1 |
| Auth method | Text | Required | Enter "access_key" for static credentials, or "role_arn" for cross-account role assumption. |
| Access key ID | Text | Optional | Required when authMethod is "access_key". |
| Secret access key | Secret | Optional | Required when authMethod is "access_key". |
| Role ARN | Text | Optional | Required when authMethod is "role_arn". e.g. arn:aws:iam::123456789012:role/ComplianceScoutReadOnly |
Follow these steps to gather the credentials above and connect AWS Secrets Manager to ComplianceScout.
In the AWS IAM console, create an IAM role or user with secretsmanager:ListSecrets and secretsmanager:DescribeSecret permissions.
If using cross-account role assumption, add a trust policy allowing ComplianceScout's account to assume the role with an external ID.
Copy the Role ARN or the Access Key ID/Secret for the IAM user.
In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → AWS Secrets Manager, enter the region and credentials, then click Test and Save.
Start a free trial — your tenant is provisioned instantly and you can wire up this integration from the connectors page.