Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Using Secrets Manager as a Password Vault

0

Our Unix/Linux team uses an Open Source password vault to manage our root and other critical passwords. We're interested in an AWS-based solution. Requirements in no particular order:

  • Accessible by our team only -- another team has the same general CommonSysAdmin role we do, but we don't want to expose our root password to them.
  • Quickly available from the web given proper credentials and coming from a company laptop.
  • No need for a password to get the password. Assume we are already fully authenticated opening the Secrets Manager.
  • Transparently encrypt the password using a private key already on the company laptop.

Suggestions for additional requirements welcome!

  • rePost-User-8334362
    hace 2 años

    Additional thoughts. The Secrets Manager generally assumes programmatic interfaces. Our use case is more interactive -- or perhaps using an application or script to retrieve the password.

Temas
CálculoSeguridad, identidad y cumplimientoAWS Well-Architected Framework
Etiquetas
Aprovisionamiento LinuxAWS Identity and Access ManagementCálculoAWS Secrets ManagerSeguridad
Idioma
English
rePost-User-8334362
preguntada hace 2 años961 visualizaciones
2 Respuestas
0

You may want to look at Amazon Cognito - https://aws.amazon.com/cognito/

Amazon Cognito User Pools is a feature that may meet your requirements - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

profile pictureAWS
EXPERTO
Indranil Banerjee AWS
respondido hace 2 años
0

You can definitely build something that meets your requirements using Secrets Manager as a back-end. Command-line and web interfaces are definitely possible. But there's no native complete service that AWS offers that will cover your needs all-in-one.

If you don't have the appetite, skills or time to build a solution I'd suggest looking in the AWS Marketplace for solutions or look at other hosted third-party offerings.

profile pictureAWS
EXPERTO
Brettski-AWS
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante