How to Use AWS Systems Manager Store to Secure String Parameters?

When you deploy across multiple environments, it is unsafe to store critical information such as DB passwords and connection strings in version control, even when access to the repository is limited. Some teams store these values in vaults, which are difficult to maintain, and in the worst cases they hardcode the values in code that is kept in their versioning system. This is not good practice, as it widens your security gaps.

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data and secrets management. You can store your configuration values, such as passwords, database credentials, etc., at no extra cost.

You can store 3 different types of data:

  •    String
  •    String List
  •    Secure String

Let’s focus on Secure String in this blog, since its values are stored encrypted with the help of KMS, and see how we can store and retrieve the keys. Parameter Store supports hierarchies, which means that keys are stored in a structured way. Let’s understand this with the help of an example:

Suppose you want to store the key named ‘abc’ for the application named ‘TestApp’ and the Production environment.

We will be storing it as: /Prod/TestApp/abc

Adding Keys:

You can add the keys via AWS console or create them programmatically using API/SDK/CLI.

Adding keys through AWS SSM Console

To add keys through AWS SSM Console:

  1. Sign in to your AWS Console and select an appropriate region.
  2. Under Services, click on Systems Manager.
  3. On the left side pane, scroll down and click on the Parameter Store.
  4. Click on Create Parameter.
  5. Enter the Name of the key you want to store, for example /Prod/TestApp/abc.
  6. Enter the Description (optional).
  7. Select Secure String. Under KMS key source, select My current account if you want to use the KMS key present in your account.
  8. From the drop-down list, select the KMS Key ID you want to use to encrypt the values.
  9. Enter the Value you need to store and click on Create Parameter.

Accessing Values:

To access these values in your application, you can use the AWS API/SDK/CLI or view them on the Console. As an example, here is how you can retrieve a value using an AWS CLI command:

aws --region=us-east-1 ssm get-parameters --names "/Prod/TestApp/abc" --with-decryption

This will return the decrypted value. The user or role running this command should have access to use the KMS key to execute this command successfully.
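The same retrieval from application code, as an added example that is not part of the original post: it wraps the boto3 get_parameters call (the SDK counterpart of the CLI command above) and fails closed when a name is missing or a value was not stored as SecureString. The names SecretLoadError, fetch_secrets and StubSSM are made up for this example, and StubSSM is a constructed stand-in for the real client so the code runs offline.

```python
BATCH = 10  # GetParameters accepts at most 10 names per call


class SecretLoadError(RuntimeError):
    """Raised when any requested secret is missing or not encrypted."""


def fetch_secrets(ssm, names):
    """Return {name: decrypted value} for every name, or raise SecretLoadError.

    `ssm` is boto3.client("ssm") or any object with the same get_parameters call.
    """
    secrets = {}
    for i in range(0, len(names), BATCH):
        resp = ssm.get_parameters(Names=names[i:i + BATCH], WithDecryption=True)
        # Unknown names are reported here, not raised, so check explicitly.
        invalid = resp.get("InvalidParameters", [])
        if invalid:
            raise SecretLoadError(f"parameters not found: {invalid}")
        for p in resp["Parameters"]:
            # String and StringList values are stored without KMS encryption.
            if p["Type"] != "SecureString":
                raise SecretLoadError(f"{p['Name']} is {p['Type']}, not SecureString")
            secrets[p["Name"]] = p["Value"]
    return secrets


class StubSSM:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, store):
        self.store, self.calls = store, []  # store: {name: (type, value)}

    def get_parameters(self, Names, WithDecryption=False):
        self.calls.append(len(Names))
        hit = [n for n in Names if n in self.store]
        return {
            "Parameters": [{"Name": n, "Type": self.store[n][0],
                            "Value": self.store[n][1]} for n in hit],
            "InvalidParameters": [n for n in Names if n not in self.store],
        }


if __name__ == "__main__":
    # In an application: ssm = boto3.client("ssm", region_name="us-east-1")
    ssm = StubSSM({"/Prod/TestApp/abc": ("SecureString", "constructed-value")})
    print("loaded:", sorted(fetch_secrets(ssm, ["/Prod/TestApp/abc"])))  # names only
```

With the real client, a caller that lacks permission on the KMS key gets an exception from get_parameters itself, so no partial result is returned in that case either.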

More information can be found at: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.htm
