Saturday, February 22, 2020

Chamber & Vault - Open-source tools for AWS Secrets & Creds

Chamber (of Secrets)
https://github.com/segmentio/chamber
Chamber is a tool for managing secrets.
Currently it does so by storing them in SSM Parameter Store, an AWS service for storing secrets.
It supports read, write, delete, list, and populating environment variables from secrets before running a program.
You need to be authenticated to AWS to work with SSM Parameter Store, and the Chamber authors recommend using aws-vault for that.


AWS-Vault
https://github.com/99designs/aws-vault
A vault for securely storing and accessing AWS credentials in development environments.
aws-vault uses Amazon's STS service to generate temporary credentials via the GetSessionToken or AssumeRole API calls.
These temporary credentials expire after a short time, so the risk from leaked credentials is reduced.


SSM Parameter Store != AWS Secrets Manager
SSM Parameter Store has optional encryption using KMS.
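
Because the encryption is optional, it is worth checking that everything under a secrets path is actually a SecureString. The following is an added example, not code from Chamber or aws-vault: it audits JSON shaped like the output of `aws ssm describe-parameters`, and the `/myservice/` prefix, parameter names and key alias are constructed sample values.

```python
import json

# Constructed sample shaped like `aws ssm describe-parameters` output.
# Names, prefix and key alias are made up for illustration.
SAMPLE = json.loads("""
{"Parameters": [
  {"Name": "/myservice/db_password", "Type": "SecureString",
   "KeyId": "alias/parameter_store_key"},
  {"Name": "/myservice/api_token",   "Type": "String"},
  {"Name": "/myservice/hosts",       "Type": "StringList"},
  {"Name": "/myservice/signing_key", "Type": "SecureString",
   "KeyId": "alias/aws/ssm"},
  {"Name": "/other/feature_flag",    "Type": "String"}
]}
""")


def audit_parameters(response, prefix, expected_key=None):
    """Return (name, finding) pairs for parameters under `prefix` that are
    not KMS-encrypted, or that use a key other than `expected_key`."""
    findings = []
    for p in response.get("Parameters", []):
        name = p.get("Name", "")
        if not name.startswith(prefix):
            continue  # outside the secrets namespace being audited
        if p.get("Type") != "SecureString":
            # String and StringList parameters are not KMS-encrypted.
            findings.append((name, "unencrypted:" + p.get("Type", "unknown")))
        elif expected_key and p.get("KeyId") != expected_key:
            # Encrypted, but not with the key the team expects to control.
            findings.append((name, "unexpected-key:" + str(p.get("KeyId"))))
    return findings


if __name__ == "__main__":
    results = audit_parameters(SAMPLE, "/myservice/", "alias/parameter_store_key")
    for name, finding in results:
        print(f"{finding:40} {name}")
```

To run it against a real account, save the CLI output to a file (for example under an aws-vault session) and pass the parsed JSON in place of `SAMPLE`.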
