Sheifa
Reputation: 33
How do I store encrypted env variables in Altostra ENV?
I have an Altostra project with a Lambda function that listens on SNS topic, and needs to call another service using an API Token. I need to save the API Key as an env variable, how do I keep it encrypted?
Could anybody help me with that?
Thanks!
Upvotes: 2
Views: 76
Answers (1)
Shiran David
Reputation: 46
It is not recommended to store sensitive data in an env variable, because it will be exposed to anyone who can access the Lambda. A better option is to store the API key in a SSM parameter. AWS SSM is a secured storage for sensitive data.
You can add a SSM parameter reference to an Altostra project and use it in the Lambda like so:
- Add a parameter to SSM in AWS web console (Type = SecureString).
- Add a SSM resource and the parameter name of the API key:
- Connect the Lambda to the SSM resource:
- In the Lambda code, import SSM from aws-sdk, and call ssm.getParameter() in order to use the api-key:
import { SSM } from 'aws-sdk';
const ssm = new SSM();
const param = await ssm.getParameter({
Name: 'api-key',
WithDecryption: true,
}).promise();Upvotes: 3
Related Questions
- Parameter Store Vs Encrypted Environment Variables for Lambda
- How to encrypt environment variables for Lambda via CLI?
- ASP.NET Core on AWS Lambda - Data Protection keys store as Env Variable
- How to encrypt variables when using airflow EmrAddStepsOperator?
- Decrypting multiple env. variables in AWS Lambda
- How to encrypt AWS Lambda environment variables using CloudFormation
- How do I use the AWS CLI to set encrypted Lambda environment variables?
- How to decrypt AWS Lambda Environment Variables
- How to use encrypted environment variables in AWS Lambda?
- What is the best practice for storing sensitive env vars using AWS Lambda?