Reputation: 489
I'd like to set up a rotating token in Secrets Manager. Our app, however, uses environment variables from Parameter Store. I need to reference this updated token in our app.
What's the best way to have my app get the updated token? Maybe every 30 days or whatever the rotation period is. Is it a scheduled Lambda?
Upvotes: 0
Views: 1053
Reputation: 16775
Parameter Store parameters can reference Secrets Manager secrets. This means that you can save a value in AWS Secrets Manager and use the rotation provided by it. As long as your secret is not an RDS, DocumentDB or Redshift secret, you will have to create a Lambda function for rotation (see docs).
Although the solution above would work, it might be simpler to have the value saved in SSM Parameter Store encrypted and simply use a Lambda function with a CloudWatch scheduled event to rotate it.
Upvotes: 2
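One way for the app to pick up a rotated value without a redeploy, shown as an added example (not code from the answer above): read the secret at runtime through the Parameter Store reference path `/aws/reference/secretsmanager/<secret-id>` and cache it for a short TTL, refetching once if the downstream service rejects the cached token. The `RotatingToken` class, the secret id and the TTL are hypothetical.

```python
import time

# Reserved Parameter Store prefix that resolves to a Secrets Manager secret.
SM_REFERENCE_PREFIX = "/aws/reference/secretsmanager/"


class RotatingToken:
    """Hypothetical helper: read a Secrets Manager secret via Parameter Store,
    cached for `ttl` seconds so a rotated value is picked up without a restart."""

    def __init__(self, secret_id, ssm_client=None, ttl=300, clock=time.monotonic):
        if ssm_client is None:
            import boto3  # imported lazily so the class can be tested without AWS
            ssm_client = boto3.client("ssm")
        self._ssm = ssm_client
        self._name = SM_REFERENCE_PREFIX + secret_id
        self._ttl = ttl  # assumption: minutes, far shorter than the rotation period
        self._clock = clock
        self._value = None
        self._expires = 0.0

    def get(self, force=False):
        """Return the cached token, re-reading it once the TTL has passed."""
        now = self._clock()
        if force or self._value is None or now >= self._expires:
            # WithDecryption must be True for Secrets Manager references.
            resp = self._ssm.get_parameter(Name=self._name, WithDecryption=True)
            self._value = resp["Parameter"]["Value"]
            self._expires = now + self._ttl
        return self._value

    def call_with_retry(self, func, is_auth_error):
        """Call func(token); on an auth failure, refetch once and retry.

        Covers the window where rotation happened but the cache is still warm.
        """
        try:
            return func(self.get())
        except Exception as exc:
            if not is_auth_error(exc):
                raise
            return func(self.get(force=True))
```

The IAM role running this needs both `ssm:GetParameter` and `secretsmanager:GetSecretValue` on the secret, since Parameter Store passes the read through to Secrets Manager.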