Storing Secrets in AWS

(this post is part of the material I cover in my devops course)

Parameter Store

  • Parameter Store is a feature of the AWS Systems Manager service.
  • It is a centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords. This allows you to separate your secrets and configuration data from your code.
  • Parameters can be tagged and organized into hierarchies, helping you manage parameters more easily.
  • Systems Manager is integrated with AWS Key Management Service (KMS), allowing you to automatically encrypt the data you store.
  • You can also control user and resource access to parameters using AWS Identity and Access Management (IAM).
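As an added example (not code from the original post), the following loads a whole parameter hierarchy such as `/myapp/prod/` into a dict, following pagination and requesting decryption of SecureString values. It assumes the caller's IAM identity is allowed `ssm:GetParametersByPath` on that path and `kms:Decrypt` on the key behind the SecureString parameters; a constructed `FakeSsmClient` stands in for `boto3.client("ssm")` so it runs offline.

```python
from typing import Dict, List, Optional

def load_config(client, path: str, with_decryption: bool = True) -> Dict[str, str]:
    """Return {relative_name: value} for every parameter under `path`.

    Follows NextToken pagination; Recursive=True descends nested hierarchies.
    SecureString values come back in plain text only when WithDecryption=True
    *and* the caller's IAM identity may kms:Decrypt with the parameter's key.
    """
    prefix = path if path.endswith("/") else path + "/"
    config: Dict[str, str] = {}
    token: Optional[str] = None
    while True:
        kwargs = dict(Path=prefix, Recursive=True, WithDecryption=with_decryption)
        if token:
            kwargs["NextToken"] = token
        page = client.get_parameters_by_path(**kwargs)
        for p in page["Parameters"]:
            config[p["Name"][len(prefix):]] = p["Value"]
        token = page.get("NextToken")
        if not token:
            return config

class FakeSsmClient:
    """Constructed stand-in for boto3.client('ssm'); offline demo only."""
    def __init__(self, params: List[dict], page_size: int = 2):
        self._params, self._page_size = params, page_size

    def get_parameters_by_path(self, Path, Recursive=False, WithDecryption=False, NextToken=None):
        hits = [p for p in self._params if p["Name"].startswith(Path)
                and (Recursive or "/" not in p["Name"][len(Path):])]
        start = int(NextToken or 0)
        out = []
        for p in hits[start:start + self._page_size]:
            value = p["Value"]
            if p["Type"] == "SecureString" and not WithDecryption:
                value = "<ciphertext>"  # the real API returns the KMS-encrypted blob here
            out.append({"Name": p["Name"], "Type": p["Type"], "Value": value})
        resp = {"Parameters": out}
        if start + self._page_size < len(hits):
            resp["NextToken"] = str(start + self._page_size)
        return resp

SAMPLE = [  # constructed sample hierarchy
    {"Name": "/myapp/prod/db/host", "Type": "String", "Value": "db.internal"},
    {"Name": "/myapp/prod/db/password", "Type": "SecureString", "Value": "s3cr3t"},
    {"Name": "/myapp/prod/features", "Type": "StringList", "Value": "a,b"},
    {"Name": "/myapp/staging/db/host", "Type": "String", "Value": "db.staging"},
]
```

Because the IAM policy can be scoped to the path prefix (`arn:aws:ssm:*:*:parameter/myapp/prod/*`), a production role never sees `/myapp/staging/` even though both live in the same store.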

AWS Secrets Manager

  • AWS Secrets Manager was tailored specifically for secrets, so it is similar to Parameter Store, but with these differences:
    • It is not subject to Parameter Store's limit on the number of parameters (currently 10000)
    • There is also an automatic secrets rotation feature
    • Secrets Manager is not free