Amazon web services - Storing AWA Secrets from SecretManager to Repository - PhpOut

HinoRei
December 17, 2024
85 views
0 votes
2 Answers

Would like to understand does anyone commits the AWS Secret Manager CloudFormation file to private repository ?

If not how should the team manage the changes and version control the configuration ?

Tags: amazon-web-services aws-secrets-manager

Answers

- Dev4ever
- December 16, 2024 at 1:59 pm
- 0 votes
0
It’s not a good practice to store secrets in a CloudFormation template. You should always keep your configuration separated from your code.

You can use:
- Parameter store for general configuration (URLs / resources names / …)
- Parameter store with Secure String type
- Secrets manager
- AWS AppConfig for feature flags type of configuration
Best approach would be to put most of your configuration in Parameter store, and use Parameter store with Secure String type or Secrets manager only for sensible information.

For versioning, you can use Secrets manager versioning and save up to 100 versions per secret.
Login or Signup to reply.

- VickiGarret
- December 17, 2024 at 9:30 am
- 0 votes
0
I think it’s security risk to store secrets in CloudFormation templates, even in private repositories. You may store all secrets directly in AWS Secrets Manager and use secret references in your CloudFormation when needed. As for version control, there is AWS Secrets Manager’s built-in configuration.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.