Securing AWS RDS credentials for Lambda
Question
Right now I am passing the username and password in as environment variables. The variables are retrieved from a different file so the cloudformation stored using git does not contain the password and username which is good. But, right now they are stored in plaintext when looking at the lambda in the console.
What is the best practice for storing these credentials in the most cloud provider agnostic way? I basically just don't want to use KMS or any other key storing AWS service.
Just for completeness I have also considered storing the password in a dynamodb table. Then I would use IAM to be able to retrieve those credentials. But, those credentials are still stored in plaintext. If this is the best way to retrieve credentials is there a best way to encrypt it or this path not the best.
Thanks for all comments and advice.
1 answers
solution1
5 ACCPTED 2019-04-30 15:18:08
We use AWS Secrets Manager for this exact situation. Works perfectly for us.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.