Today we’re announcing a powerful new integration for the Aembit Workload IAM Platform – full support for AWS Secrets Manager. With this update, Aembit can validate workload identity and enforce access policies while retrieving credentials directly from AWS Secrets Manager.
This expands our already robust list of integrations and broadens the types of identity and credential providers we support, making it even easier for organizations to manage and secure access to the critical AI and workload resources behind their modern applications, in AWS and beyond.
This enhancement can be used alongside Aembit’s AWS Workload Identity Federation (WIF) support, which uses STS, to further secure your secrets and simplify multi-cloud access.
Aembit is now available on AWS Marketplace.
While the industry is steadily moving toward more secure, short-lived tokens and identity federation for authentication, an estimated 200,000 to 500,000 organizations still rely on AWS Secrets Manager to store and retrieve long-lived credentials. Many agentic AI workloads continue to use static, long-lived secrets for both human and nonhuman identities.
At Aembit, we aim to meet customers where they are today while helping them transition to a more secure future. This integration bridges that gap, providing essential support for organizations that use AWS Secrets Manager even as services evolve toward ephemeral credentials.
Modern applications hosted on a cloud platform like AWS are architected as networks of decoupled components (microservices) that communicate through secure APIs. These components can easily incorporate specialized functionality from external third-party services, each requiring different authentication methods and credential types, which are often stored in AWS Secrets Manager.
Rather than building every feature from scratch, developers integrate with best-in-class providers for specific domains. For payments, for example, applications rarely handle sensitive card data directly, instead relying on Payment Service Providers (PSPs) like Stripe or Braintree to securely process transactions and subscriptions.
For AI capabilities, they can connect to external model APIs such as OpenAI (for the GPT series of large language models) or Google Cloud AI to integrate natural language generation or image recognition. For broader business functions, applications might use Twilio for messaging, Salesforce for customer relationship management (CRM) data synchronization, or Google Maps Platform for real-time geolocation and mapping – creating a rich, composable experience where the cloud platform serves as a scalable, secure integration layer.
Below is an example of applications accessing static and ephemeral tokens from AWS Secrets Manager to reach various AI services.