Skip to content

Backend Document (lekhraj Dinkar) 2025

Secrets Manager

Backend Document (lekhraj Dinkar) 2025

Docker
Docker
Kubernetes
Kubernetes
- Readme
- Kickoff
  Kickoff
- A2.1 KCAD
  A2.1 KCAD
  - Certification Topics
  - Labs
  - Commands (YAML)
  - 01 Core Concepts
    01 Core Concepts
    
    Container
    
    Pod
    
    ReplicaSet
    
    Deployment
    
    StatefulSets
    
    Namespace
    
    ConfigMap
    
    Secrets with Encryption
    
    Security Context
    
    Service Account
    
    Resource Requirements
    
    Pod Placement
    
    Controllers
    
    PDB
    
    DaemonSet
  - 02 Pod Design
    02 Pod Design
    
    Multi-Container Pods
    
    Labels + Selectors
    
    Deployments
    
    Jobs
  - 03 Observability
    03 Observability
    
    Readiness + Liveness
    
    Logging
    
    Monitor & Debug
  - 04 Services + Networking
    04 Services + Networking
    
    Services
    
    Ingress
    
    Network Policies
  - 05 State Persistence
    05 State Persistence
    
    Volumes
    
    Storage Class
  - 06 Security
    06 Security
    
    Authentication
    
    Kubeconfig File
    
    API Groups
    
    Authorization
    
    Cluster Roles
    
    Admission Controllers
  - 07 Others
    07 Others
    
    API Versioning
    
    CRD
- A2.2 EKS
  A2.2 EKS
  - Cluster Setup
  - Add User + SA
  - Nodegroup + Fargate
  - Developer
    Developer
    
    Getting Started
    
    HPA
    
    Deployment
  - Code Guide
    Code Guide
    
    MCP Cluster
    
    Ingress Annotation
    
    Pod Annotation
    
    SA Annotation
    
    External Secret
    
    External Secret v2
    
    IRSA
- A2.3 Helm
  A2.3 Helm
  - Helm Chart Kickoff
Terraform
Terraform
Harness / CD pipleine
Harness / CD pipleine
- kick_off
- delegates
- bash
AWS
AWS
- 00 AWS DVA-C02
  00 AWS DVA-C02
  - DVA Overview
  - CLI & SDK
  - CloudFormation
  - CI/CD
  - SAM
  - CDK
  - Handson
- 01 AWS Compute
  01 AWS Compute
  - EC2
  - ECS
  - EKS
  - Lambda Intro
  - Lambda CLI
  - Lambda Triggers
  - Lambda Event/Context
  - App Runner
  - Step Functions
- 02 AWS Storage
  02 AWS Storage
  - S3 Basics
  - S3 Advanced
  - EBS & EFS
  - FSx
  - Snow Family
- 03 AWS Database
  03 AWS Database
  - RDS
  - Aurora
  - DynamoDB SSA
  - DynamoDB Ops
  - DAX
- 05 AWS Decouple
  05 AWS Decouple
  - SQS
  - SNS
  - KDS
  - KDF
  - Active MQ
  - EventBridge
  - MSK
- 06 AWS Networking
  06 AWS Networking
- 07 AWS Security
  07 AWS Security
  - IAM
  - SSO & DirectoryService
  - cognito_SAA
  - KMS SSA
  - KMS DVA
  - Secrets Manager Secrets Manager
    Table of contents
    
    Intro
    
    Exam scenario
  - SSM-param-store
  - ACM
  - WAF+FirewallManager
  - AWS Sheild
  - HSM DVA
  - more
- 08 AWS Monitoring
  08 AWS Monitoring
- 09 AWS Analytics
  09 AWS Analytics
  - Athena
  - Redshift
  - QuickSight
  - Glue ETL
- 10 AWS DR & Migration
  10 AWS DR & Migration
- 11 AWS Practice
  11 AWS Practice
  - Practice Test
Java
Java
- Java 7
- Java 8
- Java 9-11
- Java 11-17
- Java 17-21
Springboot
Springboot
- 00 lombok mvn git
- 01 Spring Core
  01 Spring Core
- 02 Spring Boot
  02 Spring Boot
- 03 Web
  03 Web
- 04 Data Layer
  04 Data Layer
- 05 Security
  05 Security
- 06 ETL SpringBatch
  06 ETL SpringBatch
  - index
  - SpringBatch
Messaging
Messaging
- Messaging Protocols Overview
- 01 Kafka
  01 Kafka
- 02 RabbitMQ
  02 RabbitMQ
  - Kickoff
  - Project Overview
Database
Database
- 01 RDBMS
  01 RDBMS
Architecture
Architecture
- Overview
- 01 Web Security
  01 Web Security
- 02 Modern Web Architecture
  02 Modern Web Architecture
  - Kickoff 2024
  - Twelve-Factor App
- 03 Microservices
  03 Microservices
- 04 Project 1 (PROJ-1)
  04 Project 1 (PROJ-1)
Observability
Observability

Secret manager¶

Intro¶

Rotation
enforce rotation of secrets every X days
Automate generation of secrets on rotation (uses Lambda)
replicate across region
primary
replica in region
- while DR, can promote as primary
Integration with:
- Amazon RDS (MySQL, PostgreSQL)
- Aurora
- KMS
- ...

Exam scenario¶

1. API gateway API key stored in secret manager. rotate it.¶
only database credential rotate automatically.
for API key, use lambda which will request new key and update secret, programmatically.