Using AWS Systems Manager Parameter Store to Secure String Parameters

Benefits Of Using AWS Systems Manager Parameter Store
July 12, 2021

When deploying across environments, it is not safe from a security standpoint to store critical information such as DB passwords and connection strings in version control, even when access to it is limited. Some teams store the values in vaults, which are difficult to maintain, and in the worst case they hardcode the values in code that is stored in their versioning system. This is not good practice, as it can widen your security gaps.

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store configuration values such as passwords and database credentials, at no extra cost.

You can store 3 different types of data:

  •    String
  •    String List
  •    Secure String

Let’s focus on Secure String in this blog, as these values are stored encrypted with the help of KMS, and see how we can store and retrieve the keys. Parameter Store supports hierarchies, which means that the keys are stored in a more structured way. Let’s understand it with the help of an example:

Suppose you want to store the key named ‘abc’ for the application named ‘TestApp’ in the Production environment.

We will be storing it as: /Prod/TestApp/abc

Adding Keys:

You can add the keys either via the AWS console or programmatically using the API/SDK/CLI.

To add keys through AWS SSM Console:

  1. Sign in to your AWS Console and select an appropriate region.
  2. Under Services, click on Systems Manager.
  3. On the left side pane, scroll all the way down and click on Parameter Store.
  4. Click on Create Parameter.
  5. Enter the Name of the key you want to store, for example /Prod/TestApp/abc
  6. Enter the Description (optional).
  7. Select Secure String. Under KMS key source, select My current account if you want to use the KMS key present in your account.
  8. From the drop-down list, select the KMS Key ID you want to use to encrypt the values.
  9. Enter the Value you need to store and click on Create Parameter.

Accessing Values:

To access these values in your application, you can use the AWS API/SDK/CLI, or you can just view them on the Console. As an example, here is how you can retrieve a value using the AWS CLI:

aws --region=us-east-1 ssm get-parameters --names "/Prod/TestApp/abc" --with-decryption

This will return the decrypted value. The user or role who runs this command should have access to use the KMS key in order to successfully execute this command.
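
The same retrieval through the SDK, as an added example that is not part of the original post: it reads keys under /Prod/TestApp with the boto3 get_parameters call, and fails closed when a name does not resolve (GetParameters reports such names in InvalidParameters instead of raising an error) or when a value was not stored as a SecureString. The helper name fetch_secure_parameters, the StubSSM class and the sample value are assumptions constructed for illustration so the block runs offline.

```python
# Added example (not from the original post). StubSSM and its values are constructed.
def fetch_secure_parameters(ssm, prefix, keys):
    """Return {key: decrypted value} for each prefix/key, failing closed."""
    base = prefix.rstrip("/")
    names = [f"{base}/{k}" for k in keys]
    values = {}
    # GetParameters accepts at most 10 names per call, so query in batches.
    for i in range(0, len(names), 10):
        resp = ssm.get_parameters(Names=names[i:i + 10], WithDecryption=True)
        # Unresolved names do not raise; they come back in InvalidParameters.
        if resp.get("InvalidParameters"):
            raise LookupError(f"not found: {resp['InvalidParameters']}")
        for p in resp["Parameters"]:
            # Refuse secrets that were stored unencrypted by mistake.
            if p["Type"] != "SecureString":
                raise ValueError(f"{p['Name']} is {p['Type']}, not SecureString")
            values[p["Name"][len(base) + 1:]] = p["Value"]
    return values


class StubSSM:
    """Constructed stand-in for boto3.client('ssm') so the example runs offline."""

    def __init__(self, store):
        self.store = store  # name -> (type, plaintext value)

    def get_parameters(self, Names, WithDecryption=False):
        if len(Names) > 10:
            raise ValueError("at most 10 names per call")
        found = []
        for n in Names:
            if n in self.store:
                ptype, value = self.store[n]
                if ptype == "SecureString" and not WithDecryption:
                    value = "<ciphertext>"
                found.append({"Name": n, "Type": ptype, "Value": value})
        missing = [n for n in Names if n not in self.store]
        return {"Parameters": found, "InvalidParameters": missing}


if __name__ == "__main__":
    # Real use: ssm = boto3.client("ssm", region_name="us-east-1")
    ssm = StubSSM({"/Prod/TestApp/abc": ("SecureString", "constructed-value")})
    loaded = fetch_secure_parameters(ssm, "/Prod/TestApp", ["abc"])
    print(sorted(loaded))  # print names only, never the decrypted values
```

Error messages and output carry parameter names only, so decrypted values do not end up in logs.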

More information can be found at:

https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.htm


Written by – Atin Mittal
