What is AWS Parameter Store?
Working with sensitive data is always risky, and trust me, I know what it can COST! I still remember the day, as fresh as morning dew, when I accidentally leaked my AWS credentials.
FREeeeaky Day!
AWS Parameter Store provides a flexible, dependable way to store sensitive information securely, and a way to pass that data to an application securely at runtime.
AWS lets you choose how the information is stored (encrypted or plain text) and how it is addressed at runtime.
The point is: don't take risks with sensitive data, and be cautious about how and where it is stored and used.
It can be stored in AWS Parameter Store in encrypted form and used at runtime, which makes life a lot easier. If that still doesn't satisfy you, because you wonder how far you can trust AWS with sensitive data as-is, or worry that the data might somehow get into the wrong hands, you can encrypt the data yourself first and then add it to AWS Parameter Store with the encryption option AWS provides. That gives you two layers of encryption. Then write the decryption logic in the source code so the application can use the value.
I had to store good lists of sensitive data in AWS Parameter Store, and doing it over the console takes a lot of time; you need patience for the repeated tasks, for each product and for the different environments. But I wanted a smooth time with no hassle, so here is a simple script I wrote.
Create a file containing the data to be added, in two columns separated by a space: the parameter name and its value.
The following code does the rest of the work.
`IFS` stands for Internal Field Separator, which acts as the delimiter. In this shell script, a space acts as the delimiter.
`-r` prevents backslash escapes from being interpreted.
The loop reads each line, splits it into two columns using the space as the delimiter, and stores the two values in variables.
The AWS CLI command then uses those variables to create and store each parameter.
```bash
while IFS=" " read -r parameter_name parameter_value;
do
  <AWS_CLI>
done < env_vars.txt
```
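One way to fill in the `<AWS_CLI>` placeholder, as an added example that is not the author's script. It assumes the `aws ssm put-parameter` call with the `SecureString` type; the function name `load_parameters`, the `DRY_RUN` switch and the `/demo/...` parameter names are made up for illustration.

```shell
# Bulk-load "name value" lines into Parameter Store as SecureString.
# Assumed names (not from the post): load_parameters, DRY_RUN, /demo/... paths.
load_parameters() (   # subshell body: variables stay local to the function
  file=$1 loaded=0
  # '|| [ -n "$name" ]' still handles a final line that has no trailing newline.
  while IFS=" " read -r name value || [ -n "$name" ]; do
    # Skip blank lines and '#' comment lines.
    case $name in ''|'#'*) continue ;; esac
    # read puts the rest of the line in $value, so values may contain spaces.
    if [ -z "$value" ]; then
      echo "skip: $name has no value" >&2
      continue
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
      # Report the name only; the secret never goes to the terminal or logs.
      echo "would store $name" >&2
    else
      # SecureString: Parameter Store encrypts the value with KMS.
      # The call fails if the name already exists (no --overwrite here).
      aws ssm put-parameter --name "$name" --value "$value" \
        --type SecureString >/dev/null || exit 1
    fi
    loaded=$((loaded + 1))
  done < "$file"
  echo "$loaded"   # number of parameters stored (or that would be stored)
)

# Constructed sample input, processed in dry-run mode so nothing reaches AWS.
sample=$(mktemp)
printf '%s\n' '/demo/dev/DB_USER app_user' '/demo/dev/DB_PASS p@ss w\ord' \
  '/demo/dev/EMPTY' > "$sample"
( DRY_RUN=1; load_parameters "$sample" )   # count goes to stdout
rm -f "$sample"
```

`--value` puts the secret on the `aws` command line, where it is visible in the local process list while the command runs, so run the loader on a trusted host. The input file holds the secrets in plain text; restrict its permissions and delete it once the load has finished.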
Happy Learning!