Introducing pre-fetching and IAM role assumption for AWS Secrets Manager Agent

AWS Secrets Manager Agent now supports two new capabilities: pre-fetching secrets at startup and assuming an IAM role to retrieve secrets. With pre-fetching, you can specify a list of secrets or a tag value to retrieve and cache at agent startup, reducing application startup latency and optimizing cost through the BatchGetSecretValue API. With IAM role assumption, you can pass a role ARN in your pre-fetch configuration or HTTP requests for secret retrieval. The agent assumes the specified role to retrieve secrets, enabling cross-account secret retrieval by assuming a role in a different account.

Together, these enhancements strengthen your security posture through role-based secret access and reduce operational overhead by eliminating custom pre-loading logic. For example, a microservice that requires 20 secrets at startup can now pre-fetch them in a single batch operation, cutting startup latency by avoiding sequential GetSecretValue calls. IAM role assumption also simplifies multi-account architectures by enabling you to specify a different IAM role per secret.

AWS Secrets Manager Agent with pre-fetching and IAM role assumption is supported in all AWS Regions where AWS Secrets Manager is offered. To learn more, visit the AWS Secrets Manager Agent documentation.

Categories: general:products/aws-secrets-manager

Source: Amazon Web Services


