Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Application secrets can be stored in AWS Secrets Manager and injected as environment variables or files into running applications.

Secrets like encryption keys or API keys should be kept separate from configuration values like host name or time zone.

When storing application secrets:

  • Use a separate Secrets Manager secret for each service for which you need a secret value

  • Use a different secret value for each environment like staging and production

  • Don’t copy values between secrets - if secret values must be reused, store them centrally and allow access to the services which need them

Following these guidelines will limit the damage if secrets are partly disclosed and will make recovery from secret disclosure easier.

...

Info

The AWS Platform Guide now lives at thoughtbot.com

Visit Application Secrets to access this page's content