Where do you store secrets for AWS Serverless apps?!?
There are many choices for safely storing your application secrets, so let’s take a look at a few options. If you’re building with AWS Lambda, there are a few built-in features that you can choose from, but you can also leverage your own secret storage standard. Let’s jump in.
I’ll rate these in three categories on a scale of 1 to 3 (3 being the best):
Ease of Use, Level of Security, and Cost.
Lambda Environment Variables
This is the easiest and cheapest way to store configuration or secret data. It’s built right into the Lambda service and is completely free. Environment variables are simply key-value pairs that Lambda manages on your behalf. They are visible in plaintext in the console; however, you can apply an AWS KMS key to encrypt/decrypt at rest.
You use standard programming language constructs to access the variables. For example, in Node.js:
process.env.[name of your env var here]
- Ease of Use: 3
- Level of Security: 1
- Cost: 3
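Because these values are readable in the console, it is worth auditing what ends up in them. The following is an added example, not code from the original article: it checks a function configuration, shaped like the Lambda GetFunctionConfiguration response, for variables that look like secrets and reports whether a customer managed KMS key is set. The name patterns, the entropy threshold and the sample configuration are assumptions constructed for illustration.

```javascript
// Added example: flag secret-looking Lambda environment variables.
// Heuristics (name patterns, entropy threshold) are assumptions, tune them.
const SECRET_NAME = /(secret|passw(or)?d|token|api_?key|private_?key|credential)/i;
const AWS_ACCESS_KEY_ID = /\b(AKIA|ASIA)[A-Z0-9]{16}\b/;

// Shannon entropy in bits per character; random tokens score high.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

function auditFunctionConfig(cfg) {
  const vars = (cfg.Environment && cfg.Environment.Variables) || {};
  const findings = [];
  for (const [name, value] of Object.entries(vars)) {
    const reasons = [];
    if (SECRET_NAME.test(name)) reasons.push("secret-like name");
    if (AWS_ACCESS_KEY_ID.test(value)) reasons.push("AWS access key ID format");
    if (value.length >= 20 && entropy(value) >= 4.0) reasons.push("high-entropy value");
    if (reasons.length) findings.push({ variable: name, reasons });
  }
  return {
    functionName: cfg.FunctionName,
    // KMSKeyArn is only present when a customer managed key is configured.
    customerManagedKey: Boolean(cfg.KMSKeyArn),
    findings,
  };
}

// Constructed sample configuration; every value is fake.
const sampleConfig = {
  FunctionName: "orders-api",
  Environment: {
    Variables: {
      STAGE: "prod",
      TABLE_NAME: "orders-prod-table-eu-west-1",
      DB_PASSWORD: "hunter2",
      UPSTREAM_AUTH: "q8Zt3LmX0vB7nRk2PwY5sHc9Jd4FgA6e",
    },
  },
};

console.log(JSON.stringify(auditFunctionConfig(sampleConfig), null, 2));
```

A finding here is a prompt to move the value to a dedicated secret store or at least apply a KMS key; a clean result does not prove the variables hold no secrets.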
The only major thing to be aware of is that all Lambda aliases share one set of env variables. You cannot have separate values for each alias. If you version your function, the…