Follow these steps to store a username and password in AWS Secrets Manager:
- Log in to your AWS account, and go to the AWS Secrets Manager dashboard.
- Click Store a new secret.
- Select Other types of secrets:
  [Figure: Store a new secret]
- Add your secret key/value pair in the Plaintext box. Go with the default for the encryption key:
  [Figure: Specify key/value pairs]
- Click Next.
- Give the secret a Name, optional Description and Tags, and click Next.
- On the next screen, Disable automatic rotation, and click Next.
- On the final screen, review your settings and copy any code snippets that you might need for your application. The following is a simplified version of the JavaScript example:
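```javascript
// Load the AWS SDK for JavaScript and name the secret to fetch.
var AWS = require('aws-sdk'),
    region = "us-east-1",
    secretName = "MySecret",
    secret,
    decodedBinarySecret;

// Create a Secrets Manager client for the region that holds the secret.
var client = new AWS.SecretsManager({region: region});

client.getSecretValue({SecretId: secretName}, function(err, data) {
    if (err) {
        throw err;
    }
    else {
        // The value comes back in SecretString or SecretBinary,
        // depending on how the secret was stored.
        if ('SecretString' in data) {
            secret = data.SecretString;
        } else {
            // Buffer.from() replaces the deprecated new Buffer() constructor.
            let buff = Buffer.from(data.SecretBinary, 'base64');
            decodedBinarySecret = buff.toString('ascii');
        }
    }
    // Your code goes here.
});
```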
- Click Store to complete the process.
You now have a secret that is securely stored and encrypted using the Key Management Service (KMS). If you already have a Relational Database Service (RDS) database created in your account, experiment with secrets that are automatically integrated with RDS. This is a huge improvement over storing usernames and passwords in configuration files or environment variables!
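One way to fill in the `// Your code goes here.` placeholder, as an added example that is not part of the original page or the console's generated snippet: a secret entered as key/value pairs comes back as a JSON string, so this parses it into credentials and keeps the values out of accidental log output. The key names `username` and `password`, the helper function names, and the sample response are assumptions.

```javascript
// Added example. The key names "username" and "password" are assumptions;
// the sample response at the bottom is constructed, not real AWS output.
// Return the secret payload as text, whichever field the response carries.
function decodeSecretPayload(data) {
  if (typeof data.SecretString === 'string') return data.SecretString;
  if (data.SecretBinary !== undefined && data.SecretBinary !== null) {
    // Accept either a Buffer or base64 text.
    const buf = Buffer.isBuffer(data.SecretBinary)
      ? data.SecretBinary
      : Buffer.from(data.SecretBinary, 'base64');
    return buf.toString('utf8');
  }
  throw new Error('response has neither SecretString nor SecretBinary');
}

// Parse the key/value document and check that the expected keys exist.
function parseCredentials(data, requiredKeys = ['username', 'password']) {
  const text = decodeSecretPayload(data);
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    // Keep the payload out of the message so it cannot reach logs.
    throw new Error(`secret "${data.Name}" is not a JSON document`);
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error(`secret "${data.Name}" is not a key/value document`);
  }
  for (const key of requiredKeys) {
    if (typeof parsed[key] !== 'string' || parsed[key] === '') {
      throw new Error(`secret "${data.Name}" is missing key "${key}"`);
    }
  }
  // Non-enumerable values are skipped by JSON.stringify and console.log,
  // so dumping the object by accident does not print the password.
  const creds = { secretName: data.Name };
  for (const [key, value] of Object.entries(parsed)) {
    Object.defineProperty(creds, key, { value, enumerable: false });
  }
  return Object.freeze(creds);
}

// Constructed sample of a getSecretValue response for a key/value secret.
const sampleResponse = {
  Name: 'MySecret',
  SecretString: '{"username":"app_user","password":"constructed-example-value"}',
};
const sampleCreds = parseCredentials(sampleResponse);
console.log(sampleCreds.username, JSON.stringify(sampleCreds));
```

Inside the `getSecretValue` callback, pass `data` to `parseCredentials` and hand the returned `username` and `password` straight to the database or API client.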