AWS Workload Credentials Provider automates certificate and secret distribution
AWS has released the Workload Credentials Provider, a new client-side tool that automates the deployment and caching of certificates from AWS Certificate Manager (ACM) and secrets from AWS Secrets Manager. This simplifies certificate renewal management, especially with shorter certificate lifetimes mandated by the CA/B Forum, and unifies secret and certificate distribution across cloud and on-premises workloads. The provider is open source, available for Windows and Linux, and supports common web servers, aiming to prevent expiry-related failures for users.
- →Automated certificate and secret distribution for workloads
- →Streamlined certificate renewal and deployment
- →Unified secrets caching across environments
- →Open-source provider supports Windows, Linux, and web servers
Features (1) ›
- Automated certificate and secret distribution for workloads
The AWS Workload Credentials Provider automates the export and deployment of certificates from ACM and caches secrets from Secrets Manager. This simplifies management, especially with decreasing certificate lifetimes, and unifies distribution across cloud and non-AWS environments.
Enhancements (2) ›
- Streamlined certificate renewal and deployment
Eliminates the need for custom automation to manage certificate renewals from ACM, reducing maintenance complexity and preventing expiry-related failures for workloads.
- Unified secrets caching across environments
Maintains backwards compatibility with the AWS Secrets Manager Agent, allowing secure local caching of application secrets for both AWS and non-AWS workloads through a single provider.
Notes (1) ›
- Open-source provider supports Windows, Linux, and web servers
The AWS Workload Credentials Provider is open source, available on GitHub, and runs on Windows and Linux. It supports Apache and NGINX web servers, and is available in all AWS Regions for use with exportable ACM certificates and Secrets Manager.
https://aws.amazon.com/about-aws/whats-new/2026/06/aws-workload-credentials-provider/