# Protect the Configuration with AWS Secrets Manager Amazon AWS Secrets Manager can be utilized on an EC2 instance hosting Keeper Commander in order to protect and store the configuration data. The AWS Secrets Manager protected storage resource URL format is as follows: ``` aws-sm:/// ``` **Example**: `aws-sm://us-west-2/commander/config` The secret name should contain URL-safe characters and not start with forward slash `/` Keeper Commander requires the following access permissions to the secret resource * **secretsmanager:GetSecretValue** * **secretsmanager:PutSecretValue** Example AWS policy granting access to secret {% code overflow="wrap" %} ```json { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue" ], "Resource": "arn:aws:secretsmanager:::secret:" } ] } ``` {% endcode %} {% hint style="info" %} Keeper Commander installed with `pip` requires `boto3` package to present in the virtual environment `pip install boto3` {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/keeperpam/commander-cli/commander-installation-setup/configuration/aws-secrets-manager.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.