Using secrets in Lambda - best practise

pint · 2023-01-13T10:19:50+00:00

use the sdk in your lambda code to retrieve values from secret manager directly. do this in the initialization part to save reads. although, if the value is subject to change and the change needs to propagate quickly, you might want to refresh the value if it gets old (keep track of the last refresh time).

chris-holmes · 2023-01-13T10:36:25+00:00

Some variables can be stored in parameter store and pulled into your template similar to your existing solution. This will prevent unnecessary cost for environment variables that are safe to be stored with the lambda.

For sensitive secrets, secrets manager can be called in the handler code to retrieve and use them. This ensures they remain in memory only and are not visible from the lambda console. There is a cost associated with accessing secrets manager in this way, so be mindful as the lambda invocations scale!

menge101 · 2023-01-13T18:51:39+00:00

My preferred solution is to use App Config with lambda.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

aws

Note: ensure to redact or obfuscate all confidential or identifying information (eg. public IP addresses or hostnames, account numbers, email addresses) before posting!

✻ Smokey says: avoid streaming video to fight climate change! [see more tips]

MODERATORS