Currently, our security engineering team is not allowing writes to Secrets Manager, but reads are fine.
We have a common lambda role which is being used by other modules as well.
- Is there any way to configure writing limited to only particular secrets?
- Alternatives to AWS secrets manager.
CodePudding user response:
- Is there any way to configure writing limited to only particular secrets?
Yes. This official documentation shows how to grant read access to only specific secrets. You could do the same thing with write access.
- Alternatives to AWS secrets manager.
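One way to express the scoping the answer above describes, as an added example that is not from the original post or from AWS documentation: build an IAM policy document that grants read on a set of secrets and write on only the module's own secret, and audit any policy for write grants that are not pinned to named secrets (the common shared Lambda role from the question is exactly where such a grant would creep in). The account id, region and secret names are constructed placeholders.

```python
"""Build a least-privilege Secrets Manager policy and audit policies for
over-broad write grants. Added example; all ARNs below are constructed."""
import fnmatch
import json

# Actions that change a secret's value or metadata.
WRITE_ACTIONS = (
    "secretsmanager:PutSecretValue",
    "secretsmanager:UpdateSecret",
)
# Actions a consumer needs to read a secret.
READ_ACTIONS = (
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
)

# Constructed sample ARNs (account 123456789012, region us-east-1 are
# placeholders). Secrets Manager appends a random 6-character suffix to
# every secret ARN, so "-??????" pins the pattern to one secret name
# without matching every secret that shares the prefix.
SHARED_READ_SECRETS = [
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/db-creds-??????",
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/api-key-??????",
]
MODULE_WRITE_SECRETS = [
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:mymodule/rotating-token-??????",
]


def build_policy(read_arns, write_arns):
    """Return an IAM policy document: read on read_arns, write on
    write_arns only. Secrets in neither list get no access at all."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadSelectedSecrets",
                "Effect": "Allow",
                "Action": list(READ_ACTIONS),
                "Resource": list(read_arns),
            },
            {
                "Sid": "WriteSelectedSecretsOnly",
                "Effect": "Allow",
                "Action": list(WRITE_ACTIONS),
                "Resource": list(write_arns),
            },
        ],
    }


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def _grants_write(action_pattern):
    """True if an action pattern (possibly wildcarded) covers a write."""
    return any(fnmatch.fnmatchcase(w, action_pattern) for w in WRITE_ACTIONS)


def _is_broad_resource(resource):
    """True when the resource is not pinned to a named secret."""
    if resource == "*":
        return True
    if ":secret:" not in resource:
        return False  # not a Secrets Manager secret ARN
    name = resource.rsplit(":secret:", 1)[1]
    return name in ("", "*")


def find_broad_write_grants(policy):
    """Return the Sid (or statement index) of every Allow statement that
    grants a Secrets Manager write action on an unpinned resource."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_grants_write(a) for a in _as_list(stmt.get("Action", []))):
            continue
        if any(_is_broad_resource(r) for r in _as_list(stmt.get("Resource", []))):
            findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


if __name__ == "__main__":
    policy = build_policy(SHARED_READ_SECRETS, MODULE_WRITE_SECRETS)
    print(json.dumps(policy, indent=2))
    print("broad write grants:", find_broad_write_grants(policy))
```

Attaching the write statement as a separate policy to the shared role keeps the blast radius to the one listed secret; running `find_broad_write_grants` over the role's existing policies (for example, output of `aws iam get-role-policy`) shows whether any other module has already been granted `secretsmanager:*` on `*`.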
CodePudding user response:
Strong recommendation for using Secrets Manager or SSM Parameter Store to store secrets, but there are also other, non-AWS alternatives like Hashicorp's Vault. It can be found from AWS Marketplace (https://aws.amazon.com/marketplace/pp/prodview-ngzq6n42psnxa) or downloaded from the vendor website (https://www.vaultproject.io/).
Don't forget to ask the security team for review and approval before using it in production environments. :-)