Quit the bad habit of hard-coding sensitive data - Introducing AWS Secrets Manager

Rodrigo Dutcosky
2 min read · May 13, 2021

Hey there!

The quick tip in today's post is about password exposure:

Avoid doing it.

Thanks.

Before you Go

It's also good practice not to have your credentials hardcoded in your script, especially if you intend to commit it to a public repository.

For example, if you need to query a database server, you do not want to have things laid out like this:

AWS Secrets Manager is a managed credential service that lets you store your secrets and set a secret_id to identify each one. In your code, you create a Secrets Manager client object, pass it the ID, and get back the values you previously stored.

In your AWS account, search for the service's front page and press Store a New Secret. There is more than one secret type available. You can store generic secrets in JSON format with as many keys as you like.

Just paste the entire string body into the panel or register the variables one by one.

Move to the next page, where you'll be asked to choose a name for the secret. This name is what will actually be your secret_id, and it is what you pass in the method call in your code.

Once you're done configuring your new secret, you can start using the Secrets Manager client from the boto3 Python library to retrieve and use your credentials in a safer way.
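The retrieval step described above, as an added example that is not code from the original post. The key names `host`, `username` and `password`, the secret name `demo/db` and the `FakeSecretsClient` stand-in are assumptions made so the example runs without an AWS account; the real call is `boto3.client("secretsmanager").get_secret_value(SecretId=...)`.

```python
import json

REQUIRED_KEYS = ("host", "username", "password")  # assumed key names for this example


def get_db_credentials(secret_id, client=None):
    """Fetch a JSON secret from AWS Secrets Manager and return it as a dict."""
    if client is None:
        import boto3  # imported lazily so the offline demo below needs no AWS SDK
        client = boto3.client("secretsmanager")
    response = client.get_secret_value(SecretId=secret_id)
    # Secrets stored as key/value pairs in the console come back in SecretString;
    # binary secrets use SecretBinary instead and are out of scope here.
    if "SecretString" not in response:
        raise ValueError(f"secret {secret_id!r} has no SecretString")
    secret = json.loads(response["SecretString"])
    missing = [k for k in REQUIRED_KEYS if k not in secret]
    if missing:
        # Report key names only; never echo secret values in errors or logs.
        raise KeyError(f"secret {secret_id!r} is missing keys: {missing}")
    return secret


class FakeSecretsClient:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, store):
        self._store = store

    def get_secret_value(self, SecretId):
        return {"Name": SecretId, "SecretString": self._store[SecretId]}


def redacted(secret):
    """Return a copy safe to print: the password is masked."""
    return {k: ("***" if k == "password" else v) for k, v in secret.items()}


if __name__ == "__main__":
    # Constructed sample secret; with real AWS credentials, drop the client argument.
    fake = FakeSecretsClient({"demo/db": json.dumps(
        {"host": "db.example.internal", "username": "app", "password": "not-a-real-password"})})
    creds = get_db_credentials("demo/db", client=fake)
    print(redacted(creds))
```

The script now carries only the secret's name; the values live in Secrets Manager and are read at run time under the caller's IAM permissions.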

..cyber security folks.. cyber security.
