> For the complete documentation index, see [llms.txt](https://docs.mobb.ai/mobb-user-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.mobb.ai/mobb-user-docs/more-info/mobb-broker/secure-storage-of-mobb-broker-in-aws-secrets-manager.md).
# Secure storage of Mobb broker in AWS Secrets Manager
This guide outlines the process of securely storing and managing the Mobb Broker Token within an ECS (Elastic Container Service) environment using AWS Secrets Manager. It details the steps involved in automating token rotations, securely storing the token using AWS Secrets Manager, and configuring ECS to automatically retrieve the token value from AWS Secrets Manager.
## Pre-requisites
This guide is only applicable if you are hosting the Mobb broker on AWS ECS. For a regular docker container deployment, refer to the main [broker deployment guide](/mobb-user-docs/more-info/mobb-broker.md).
## Workflow of managing broker token with AWS Secrets Manager
**Step 1 -** During token rotations, your Mobb organization’s administrator will generate a new Mobb Broker Token in the Mobb application via the UI (coming soon) or GraphQL API
**Step 1.1 (Optional)** - If required, the new token can be configured to be automatically shared across Mobb and your AWS Secrets Manager instances.
**Step 2 -** The token value obtained is stored in your AWS Secrets Manager
**Step 3 -** Mobb Broker hosted on ECS is configured to retrieve the new token value from the AWS Secrets Manager through the ECS Environment Variable automatic value retrieval feature. This can be achieved by setting the ECS Environment Variable parameter type to “`ValueFrom`” and the value to the Amazon Resource Name (ARN) of the AWS Secrets Manager secret. For more information, see the link:
Here is a screenshot of the “`valueFrom`” parameter type in the AWS documentation:
Here is an example screenshot of the “ValueFrom” parameter type selection in the ECS environment variable configuration screen:
## Additional Notes
The entire process can be fully automated via a cron job configured on your side. Mobb's engineering team can provide a sample script that can be loaded in your AWS environment (AWS Lambda, EC2, or ECS Scheduled Tasks), triggered on a periodic basis to ensure the token is automatically rotated prior to the defined expiry date (default is 3 months from the date the token was generated).
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.mobb.ai/mobb-user-docs/more-info/mobb-broker/secure-storage-of-mobb-broker-in-aws-secrets-manager.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.