AWS Secrets Manager adds secret safety skill to Agent Toolkit
AWS Secrets Manager now includes a secret safety skill within the Agent Toolkit for AWS's aws-core plugin, enhancing security for AI coding agents. This feature prevents sensitive secrets from being exposed to AI models or session logs during agentic workflows. It is available today for all supported agent harnesses and AWS Regions, offering a crucial security upgrade for developers building on AWS.
- →Secret safety skill for AI coding agents
- →Secure secret handling in agentic workflows
- →Availability and getting started
Features (1) ›
- Secret safety skill for AI coding agents
A new secret safety skill, part of the aws-core plugin in the Agent Toolkit for AWS, allows AI coding agents to use secrets without exposing them to models or logs. This skill steers agents away from requesting raw secret values and resolves references at execution time outside the agent process.
Enhancements (1) ›
- Secure secret handling in agentic workflows
This enhancement addresses the previous vulnerability where AI agents could retrieve secrets as plain text, exposing sensitive data. The new skill ensures plaintext secrets are never present in model context, session logs, or agent memory, while maintaining workflow continuity for developers.
Notes (1) ›
- Availability and getting started
The secret safety skill is available today for all agent harnesses supported by the Agent Toolkit for AWS, including Claude Code, Codex, and Cursor, across all AWS Regions where Secrets Manager is available. Installation involves adding the aws-core plugin via the Agent Toolkit for AWS GitHub repository.
https://aws.amazon.com/about-aws/whats-new/2026/06/safe-secrets-handling-in-agent-toolkit-for-aws/