替代/配置 AWS 机密管理器
[英]Alternatives of/Configuring AWS secrets manager
问题描述
Currently, Our Security engineering team is not allowing to write in secrets manager but read is fine.
目前,我们的安全工程团队不允许在 Secrets Manager 中写入,但可以读取。
We have a common lambda role which is being used by other modules as well.我们有一个通用的 lambda 角色,它也被其他模块使用。
- Is there any way to configure writing limited to only particular secrets?有没有办法配置仅限于特定秘密的写作?
- Alternatives to AWS secrets manager. AWS 机密管理器的替代品。
2 个解决方案
解决方案1
0 2021-12-27 15:42:32
- Is there any way to configure writing limited to only particular secrets?
Yes.是的。 This official documentation shows how to grant read access to only specific secrets. 该官方文档展示了如何仅授予对特定机密的读取权限。 You could do the same thing with write access.你可以用写访问做同样的事情。
- Alternatives to AWS secrets manager.
解决方案2
0 2021-12-27 22:44:40
Strong recommendation for using Secrets Manager or SSM Parameter Store to store secrets, but there are also other, non-AWS alternatives like Hashicorp's Vault.强烈建议使用 Secrets Manager 或 SSM Parameter Store 来存储机密,但也有其他非 AWS 替代方案,例如 Hashicorp 的 Vault。 It can be found from AWS Marketplace ( https://aws.amazon.com/marketplace/pp/prodview-ngzq6n42psnxa ) or downloaded from the vendor website ( https://www.vaultproject.io/ ).它可以从 AWS Marketplace ( https://aws.amazon.com/marketplace/pp/prodview-ngzq6n42psnxa ) 找到或从供应商网站 ( https://www.vaultproject.io/ ) 下载。
Don't forget to ask security team review and approval before using in production environments.在生产环境中使用之前,不要忘记询问安全团队的审核和批准。 :-) :-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.