There are many situations where you need credentials, tokens, API keys and similar secrets to access a service. For example, your application needs its SQL Server credentials to reach its database. Storing those secrets in the codebase as plain text is not a good idea: it is a security vulnerability. Anyone with access to the codebase (or to a copy of it, such as a leaked repository or a build artifact) can read the secrets, gain unauthorized access to your services and perform malicious actions. You could encrypt the secrets and distribute the decryption key outside the application, for example in a config file, but managing secrets that way becomes complex quickly. AWS offers Secrets Manager, which, as the name suggests, is a service for managing your secrets. In this article, I'll talk about how to store a secret and retrieve it programmatically.

AWS Secrets Manager

This service lets you protect the secrets needed to access your applications, services and IT resources. You can rotate, manage and retrieve database credentials, API keys and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to the Secrets Manager API, which removes the need to hardcode sensitive information in plain text. The service is not limited to database credentials; it handles other kinds of secrets, including API keys and OAuth tokens. You can control access to each secret with fine-grained IAM permissions and audit secret rotation centrally for resources in the AWS Cloud, in third-party services and on-premises. Secrets can also be replicated to other regions to support multi-region applications. Now we will look at the steps required to create a secret and retrieve it programmatically.
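As an added example (not code from the original article), the following Python shows the retrieval side of what the paragraph describes: an application fetches a secret at runtime with `get_secret_value` instead of reading it from a file in the codebase, and parses the JSON key/value form that Secrets Manager uses for database credentials. It assumes boto3 is installed and AWS credentials are configured when run against real AWS; the secret name `prod/app/db`, the `StubSecretsClient` class and the sample secret values are constructed here for offline demonstration.

```python
"""Retrieve a secret from AWS Secrets Manager and turn it into DB connection
arguments. Added example; the secret name and stub client are hypothetical."""
import json


def parse_secret_string(secret_string: str):
    """Secrets Manager returns SecretString as text. Secrets created for
    databases are JSON key/value objects, so try JSON first and fall back to
    the raw string for plain-text secrets (a single API key, for instance)."""
    try:
        parsed = json.loads(secret_string)
    except json.JSONDecodeError:
        return secret_string
    return parsed if isinstance(parsed, dict) else secret_string


def get_secret(secret_id: str, client=None):
    """Fetch one secret by name or ARN. `client` is any object with a
    get_secret_value(SecretId=...) method; by default a real boto3 Secrets
    Manager client is created. boto3 is imported lazily so the parsing code
    also works where boto3 is not installed."""
    if client is None:
        import boto3  # assumption: boto3 installed, AWS credentials configured
        client = boto3.client("secretsmanager")
    response = client.get_secret_value(SecretId=secret_id)
    if "SecretString" in response:
        return parse_secret_string(response["SecretString"])
    # Binary secrets come back under SecretBinary instead; return them as-is.
    return response["SecretBinary"]


def db_connection_kwargs(secret: dict) -> dict:
    """Map the field names Secrets Manager uses for RDS-style credentials
    (username, password, host, port, dbname) to driver connection arguments.
    Fails loudly on a malformed secret rather than connecting with blanks."""
    required = ("username", "password", "host", "port", "dbname")
    missing = [key for key in required if key not in secret]
    if missing:
        raise KeyError(f"secret is missing fields: {missing}")
    return {
        "user": secret["username"],
        "password": secret["password"],
        "host": secret["host"],
        "port": int(secret["port"]),
        "database": secret["dbname"],
    }


class StubSecretsClient:
    """Constructed stand-in for the boto3 client so the example runs offline.
    It mirrors only the shape of a real get_secret_value response."""

    def __init__(self, secrets: dict):
        self._secrets = secrets

    def get_secret_value(self, SecretId: str) -> dict:
        if SecretId not in self._secrets:
            # boto3 would raise ResourceNotFoundException here.
            raise KeyError(f"secret not found: {SecretId}")
        return {"Name": SecretId, "SecretString": self._secrets[SecretId]}


# Constructed sample secret, in the JSON layout Secrets Manager uses for
# database credentials. Real values never belong in source code.
SAMPLE_SECRETS = {
    "prod/app/db": json.dumps({
        "username": "app_user",
        "password": "example-only-not-a-real-password",
        "engine": "postgres",
        "host": "db.internal.example",
        "port": "5432",
        "dbname": "appdb",
    })
}

if __name__ == "__main__":
    # Swap StubSecretsClient(...) for None to fetch from real AWS.
    secret = get_secret("prod/app/db", client=StubSecretsClient(SAMPLE_SECRETS))
    kwargs = db_connection_kwargs(secret)
    # Never print or log the password itself; mask it when showing the result.
    print({k: ("***" if k == "password" else v) for k, v in kwargs.items()})
```

Because the secret is fetched at startup and held only in memory, rotating the credential in Secrets Manager requires no code change and no redeploy of a config file; the next start (or a periodic refresh, if you add one) picks up the new value.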

How to Use AWS Secrets Manager for Managing Credentials