I am trying to make my application secure, so instead of storing all of my AWS IAM credentials for different service users, I started to use AWS secrets manager. The part that is confusing me is in order to get a connection to the AWS secrets manager to retrieve all of the secrets for my other IAM service connections, I need an access key and secret key. Storing these in application.properties on the application on an EC2 instance seems like working back words, since if someone gets access to these two keys, they can get access to all of the secrets and then secrets manager isn't really providing any value. How can I create a connection to secrets manager without storing the keys at all in my code? Thanks in advance.
CodePudding user response:
Normally, you would use EC2 instance role with permissions to access your secret manager. This way there is no need to hard-code any access and secret keys in your application nor store them on the instance.