Suggestion on storing public certificates in AWS
Hi, I have a case where I would like to store third-parties certificates in our AWS account. We MUST NOT have access to their private, only public keys. What would you recommend to store public keys certificate, which belong to external clients, in AWS?
- 최신
- 최다 투표
- 가장 많은 댓글
It is kind of shared responsibility model issue and you may be familiar on it. AWS provides security of the cloud, and customer needs to ensure security in the cloud (e.g. how you configure security policy to ensure data is securely stored). For security of the cloud, AWS provides with Secret Manager to store the sensitive data like, API key, certificate etc. Undoubtedly, you can also store public key on Secret Manager. Ensure you have properly configure security of the Secret Manager and the size of secret is limited to 64KB. (https://docs.aws.amazon.com/secretsmanager/latest/userguide/security.html).
AWS Certificate Manager (ACM) can help the customer handling third-parties certificates, AWS public CA or private CA. To import a self–signed SSL/TLS certificate into ACM, you must provide both the certificate and its private key. To import a certificate signed by a non-AWS certificate authority (CA), you must also include the private and public keys of certificate. Refer URL:https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
Private key cannot be shared so above doesn’t fly