1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
2
You could use SSM Parameter store. Parameter store gives you the ability to store secrete strings: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
My organization uses this for some of the API keys we need to store. I don't have any data on the pricing history of Secrets Manager but as far as I know, from the past 4 years working with AWS, Secrets Manager has not changed their pricing model.
respondido hace 8 meses
Contenido relevante
- OFICIAL DE AWSActualizada hace 10 meses
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace 8 meses
What are the arguments against using a SecureString in the parameter store instead of secrets manager? Is it just extra features (for example rotation)? Are there other implications?
They do the same thing with "air quotes." Secrets Manager has some extra features like rotation, as you stated. You could build your own logic to handle the features that secrets manager offers ( like rotation, my organization does this ) and use parameter store to save on costs.
I will check out SSM Parameter Store. I also wondered about just store snippets in S3 and use KMS to encrypt them. I contemplated storing secrets as encrypted blobs in dynamo then using KMS but the KMS pricing isn't that different than secrets store.
For lightly used secrets (less than 40 retrievals/second) SSM Parameter retrievals are free. I don't know if that limit is per-parameter but I don't think so - I think it's for the whole account. If you need more, the price goes up to the same $0.05 per 10,000 as the secret store. So price wise that's probably a wash. (Do I have this right?)