Hey guys, I've been looking though the site and I swear there was a whole section about how best to deal with secrets access and lambdas... Like an "easiest, better, best" thing. Am I going crazy?

This the one?

Legend!

Imo number 3 is the only good option, we're going to build some tooling to make it easier so I suggest using that right now

Yea I know, started a new job a couple of weeks ago and someone asked about exposing secrets. I knew I'd read something here so thought I'd direct them to it.

@thdxr something I've been meaning to investigate at some point is whether or not we can get it from a third party for option 3 instead of SSM. The one I'm thinking of is 1password as they have a CLI as well. Any suggestions?

yes you can definitely get it from anywhere but there are benefits to doing it through SSM as we're planning to have our console directly integrate

Yea the issue I have and maybe I'm doing this the wrong way is when setting up new environments I have to duplicate all of our SSM parameters in there and we have a lot of API keys etc which other than production or qa most use the same dev keys