walter

Reputation: 547

How do I encrypt an aws-cdk-lambda environment variable using KMS?

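import * as path from 'path';
import * as cdk from '@aws-cdk/core';
import * as lambda from '@aws-cdk/aws-lambda';

// exeRole (the function's execution role) and cipherText (a string)
// are defined elsewhere and are not shown in this snippet.
export class CdkStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const func = new lambda.Function(this, 'TestLambda', {
      runtime: lambda.Runtime.NODEJS_10_X,
      handler: 'index.handler',
      // Separate path segments keep the asset path portable across platforms.
      code: lambda.Code.fromAsset(path.join(__dirname, 'resources', 'lambda')),
      role: exeRole,
      environment: {
        "KEY_PHRASE": cipherText, // I want to be able to encrypt this value using KMS
      }
    });
  }
}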

As the code snippet shows, I want to encrypt the environment variable KEY_PHRASE. Is @aws-sdk/client-kms the one that I should look into, or is there a CDK Lambda-native way of handling this?

Upvotes: 1

Views: 1788

Answers (1)

janquijano

Reputation: 154

Lambda encrypts environment variables at rest by default using a CMK that Lambda creates in your account. But you can create your own CMK and use it for encrypting environment variables.

Reference: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption

Upvotes: 1
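To confirm which of the two cases in the answer a stack ends up in, the following added example (not code from the question or the answer) audits a synthesized CloudFormation template for Lambda functions that define environment variables without a `KmsKeyArn`, the property that CDK's `environmentEncryption` function prop populates when given a KMS key. The function name, type names, logical IDs and sample values are assumptions made for illustration.

```typescript
// Added example: audit a synthesized template (e.g. the output of `cdk synth`).
interface CfnResource {
  Type: string;
  Properties?: Record<string, unknown>;
}
interface CfnTemplate {
  Resources: Record<string, CfnResource>;
}
interface EnvKeyFinding {
  logicalId: string;
  variables: string[];
}

// Returns every AWS::Lambda::Function that defines environment variables but has
// no KmsKeyArn, i.e. Lambda's default key is used for encryption at rest.
function findFunctionsWithoutCustomerKey(template: CfnTemplate): EnvKeyFinding[] {
  const findings: EnvKeyFinding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const resource = template.Resources[logicalId];
    if (resource.Type !== 'AWS::Lambda::Function') continue;
    const props = resource.Properties ?? {};
    const env = props['Environment'] as { Variables?: Record<string, unknown> } | undefined;
    const variables = Object.keys(env?.Variables ?? {});
    if (variables.length > 0 && props['KmsKeyArn'] === undefined) {
      findings.push({ logicalId, variables });
    }
  }
  return findings;
}

// Constructed sample template: logical IDs and values are made up for this example.
const sampleTemplate: CfnTemplate = {
  Resources: {
    EnvKey: { Type: 'AWS::KMS::Key', Properties: { EnableKeyRotation: true } },
    DefaultKeyFn: {
      Type: 'AWS::Lambda::Function',
      Properties: { Environment: { Variables: { KEY_PHRASE: 'placeholder' } } },
    },
    CustomerKeyFn: {
      Type: 'AWS::Lambda::Function',
      Properties: {
        KmsKeyArn: { 'Fn::GetAtt': ['EnvKey', 'Arn'] },
        Environment: { Variables: { KEY_PHRASE: 'placeholder' } },
      },
    },
    NoEnvFn: { Type: 'AWS::Lambda::Function', Properties: { Handler: 'index.handler' } },
  },
};
console.log(findFunctionsWithoutCustomerKey(sampleTemplate));
```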
