AWS has recently rolled out Secrets Manager in April 2018. It comes with a web console for you to easily CRUD the secrets, and it works with IAM to control who and what can access them. If you run one or more Rails apps in EC2, you can use IAM roles for EC2 to implement access control for each of the secrets. However, I don’t find it easy and straightforward to fetch the secrets in Ruby on Rails.