ghostrider

Reputation: 2238

Storing public certificates and private keys safely

I want to use certificate-based authentication in AWS Lambda to generate OAuth tokens. Currently I am storing the certificates and private keys locally and running it like a normal Java application.

I am planning to use AWS Secrets Manager to store these certificates and keys. However, the issue is that since we are using Terraform to provision AWS resources, it seems like we will have to keep these certs and keys in our Bitbucket repo, which will have security risks. Is there any other way I can use these certificates in AWS Lambda without actually storing them in the Bitbucket repo?

Upvotes: 0

Views: 999

Answers (1)

Mark B

Reputation: 200527

The Terraform aws_secretsmanager_secret_version resource takes a string value, but that doesn't mean you have to hard-code the string inside that resource. You need to think about how you can read that key value into Terraform and reference it inside the resource.

For example, that string could come from a local file, or an S3 object. Terraform could also generate the TLS key for you.

Upvotes: 1
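As an added example (not part of Mark B's answer), the three sources the answer mentions wired into aws_secretsmanager_secret_version; every variable, path, bucket and secret name below is hypothetical and only the option selected by key_source is ever read:

```hcl
# Added example, not code from the original answer. All names are hypothetical.
# key_source selects where the PEM comes from: "file", "s3" or "generate".
variable "key_source" {
  type    = string
  default = "generate"
}
variable "private_key_path" { # mounted on the CI runner, never committed
  type    = string
  default = "/run/secrets/oauth-client.pem"
}
variable "key_bucket" {
  type    = string
  default = "example-private-key-bucket"
}

# Option 1: a PEM file that exists only on the deploy host / CI secret mount.
data "local_file" "oauth_client_key" {
  count    = var.key_source == "file" ? 1 : 0
  filename = var.private_key_path
}

# Option 2: a PEM object already uploaded to a private S3 bucket
# (body is only populated for objects with a text Content-Type).
data "aws_s3_object" "oauth_client_key" {
  count  = var.key_source == "s3" ? 1 : 0
  bucket = var.key_bucket
  key    = "oauth-client.pem"
}

# Option 3: let Terraform generate the key; nothing is ever written to disk.
resource "tls_private_key" "oauth_client" {
  count     = var.key_source == "generate" ? 1 : 0
  algorithm = "RSA"
  rsa_bits  = 4096
}

locals {
  # one() yields null for the unused options; coalesce() picks the active one.
  private_key_pem = coalesce(
    one(data.local_file.oauth_client_key[*].content),
    one(data.aws_s3_object.oauth_client_key[*].body),
    one(tls_private_key.oauth_client[*].private_key_pem)
  )
}

resource "aws_secretsmanager_secret" "oauth_client" {
  name = "lambda/oauth-client-private-key"
}

resource "aws_secretsmanager_secret_version" "oauth_client" {
  secret_id     = aws_secretsmanager_secret.oauth_client.id
  secret_string = local.private_key_pem
}
```

Whichever option is used, the plaintext key still lands in Terraform state, so the state backend needs the same access controls and encryption as the secret itself. The Lambda then fetches the PEM from Secrets Manager at runtime instead of bundling it with the code.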
