Tags: amazon-web-services, aws-codepipeline, aws-secrets-manager

Protecting my AWS Secrets from Root Account


I'm creating a CI/CD pipeline in AWS CodePipeline and for this, I created a lot of parameters in AWS Secrets Manager (GitHub password, Docker Hub password, and so on).

Well, these secrets are mine (from my personal account) and can't be shared with anyone, including the root account.

Is there a way to protect these secrets from the root account? I would like to give read/write access to these secrets only to my pipeline, but the root account can change them if it wants to.


Solution

  • It's not possible to restrict the root user's access to a service unless the account itself doesn't have access to the service. This can be done with an AWS Organizations SCP.
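As an added example (not part of the original answer) of the SCP approach, the script below emits a policy that denies every Secrets Manager action in a member account unless the caller is the pipeline's IAM role, and also blocks changes to that role; it goes slightly beyond the answer by exempting one role instead of cutting the whole account off from the service. The account id 111122223333, the role name CodePipelineSecretsRole and the policy name are placeholders, and it assumes the SCP is created from the organization's management account (the only place SCPs can be attached) and that the pipeline role's trust policy only allows codepipeline.amazonaws.com.

```shell
#!/bin/sh
# Added example, not from the original answer. Placeholders: member account
# 111122223333 and role CodePipelineSecretsRole (the role CodePipeline runs as).
MEMBER_ACCOUNT_ID="111122223333"
PIPELINE_ROLE="CodePipelineSecretsRole"

# Emit an SCP that denies every Secrets Manager call in the member account
# unless the caller is the pipeline role. SCPs bind the account's root user
# too, so root cannot read or change the secrets from that account.
scp_document() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenySecretsManagerExceptPipelineRole",
      "Effect": "Deny",
      "Action": "secretsmanager:*",
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::${MEMBER_ACCOUNT_ID}:role/${PIPELINE_ROLE}"
        }
      }
    },
    {
      "Sid": "DenyTamperingWithPipelineRole",
      "Effect": "Deny",
      "Action": [
        "iam:UpdateAssumeRolePolicy",
        "iam:AttachRolePolicy",
        "iam:PutRolePolicy",
        "iam:DeleteRole"
      ],
      "Resource": "arn:aws:iam::${MEMBER_ACCOUNT_ID}:role/${PIPELINE_ROLE}"
    }
  ]
}
EOF
}

# Usage from the management account (needs the AWS CLI):
#   scp_document > scp.json
#   aws organizations create-policy --name ProtectPipelineSecrets \
#     --type SERVICE_CONTROL_POLICY --description "Pipeline-only secrets" \
#     --content file://scp.json
#   aws organizations attach-policy --policy-id <PolicyId> --target-id "$MEMBER_ACCOUNT_ID"
```

SCPs never apply to the management account itself, so the secrets have to live in a member account for this to bind its root user.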