
AWS announces AWS Workload Credentials Provider

AWS has launched the AWS Workload Credentials Provider, a lightweight client-side tool that automates the deployment of exported certificates from AWS Certificate Manager (ACM) and handles local caching of secrets from AWS Secrets Manager across both AWS and non-AWS workloads. The provider addresses the growing complexity of certificate management as public certificate lifetimes continue to decrease under Certification Authority Browser Forum mandates, eliminating the need for customers to build custom automation using Amazon EventBridge to detect certificate renewals and deploy updates.

The new provider supports Windows and Linux environments and integrates with Apache and NGINX web servers. Administrators configure it with their certificate ARN and specify options such as file paths and server reload behavior, after which the provider automatically handles certificate export and deployment to prevent expiry-related failures. For secrets management, the tool maintains full backwards compatibility with the existing AWS Secrets Manager Agent, enabling organizations to securely cache application secrets locally through a unified interface.

The AWS Workload Credentials Provider is available as an open-source project on GitHub and works with exportable ACM certificates and Secrets Manager across all AWS Regions. The release represents AWS's effort to streamline certificate lifecycle management as the industry moves toward shorter certificate validity periods.

Why It Matters

This release addresses a critical operational challenge as certificate lifetimes shrink industry-wide, potentially reducing from one year to 90 days or less. By automating certificate deployment and renewal, AWS is helping organizations avoid the operational overhead and outage risks associated with expired certificates, while the hybrid cloud support acknowledges that most enterprises operate across multiple environments. The unified approach to both certificates and secrets management could simplify DevOps workflows and reduce the attack surface from credential management failures.

Note

This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.