If I understand correctly, you should be leveraging either AWS Secrets Manager or AWS Systems Manager Parameter Store to store and retrieve secrets. https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_parameterstore.html https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
If you are using Systems Manager Parameter Store, make sure you use the "SecureString" data type. You need to make sure your app has been granted access to Parameter Store.
Both Parameter Store and Secrets Manager provide secure storage and retrieval of sensitive data. The choice between the two services depends on your specific requirements, such as rotation policies, auditing, and integration with other AWS services. You have an SDK to retrieve the values in both solutions.
Thanks for your answer. I am deploying a Next.js app on Amplify but need to pass a secret into the Node.js process.env.secrets, as described by https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html#environment-secrets
'Access environment secrets Accessing an environment secret during a build is similar to accessing environment variables, except that environment secrets are stored in process.env.secrets as a JSON string.'
I created the secret in the parameter store and had access to process.env.secrets during build, but there is an error at runtime because I still require the secret but it's no longer available.
Thanks.
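An added example, not part of the original thread and not AWS's own code: one way to cover the build/runtime gap described above is to read `process.env.secrets` when it exists and otherwise fetch the SecureString from Parameter Store with the AWS SDK for JavaScript v3. The function names, the cache and the parameter name passed in are hypothetical, and it assumes the runtime role is allowed `ssm:GetParameter` on that parameter.

```javascript
// Added example. Assumption: the runtime role may call ssm:GetParameter on the
// parameter (plus kms:Decrypt if a customer managed key encrypts it).
const cache = new Map(); // parameter name -> { value, expires }

// Build phase: Amplify exposes environment secrets as one JSON string.
function readBuildSecret(key, env = process.env) {
  if (!env.secrets) return undefined;
  try {
    const value = JSON.parse(env.secrets)[key];
    return typeof value === "string" ? value : undefined;
  } catch {
    return undefined; // malformed JSON: treat as "not available"
  }
}

// Runtime: read the SecureString from Parameter Store (SDK loaded lazily).
async function fetchFromParameterStore(name) {
  const { SSMClient, GetParameterCommand } = await import("@aws-sdk/client-ssm");
  const out = await new SSMClient({}).send(
    new GetParameterCommand({ Name: name, WithDecryption: true })
  );
  return out.Parameter.Value;
}

// Prefer the build-time value; otherwise fetch once and cache in memory.
// The secret value is never logged or written to disk.
async function getSecret(key, parameterName, opts = {}) {
  const { env = process.env, fetcher = fetchFromParameterStore, ttlMs = 300000 } = opts;
  const fromBuild = readBuildSecret(key, env);
  if (fromBuild !== undefined) return fromBuild;

  const hit = cache.get(parameterName);
  if (hit && hit.expires > Date.now()) return hit.value;

  const value = await fetcher(parameterName);
  if (typeof value !== "string" || value === "") {
    throw new Error(`Parameter ${parameterName} returned no value`);
  }
  cache.set(parameterName, { value, expires: Date.now() + ttlMs });
  return value;
}
```

Call `getSecret` from server-side code only (API routes, server components), so the value never reaches the client bundle.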