https://serverless-stack.com/ logo
#guide
Title
# guide
b

Brinsley

04/08/2022, 10:42 AM
Hey guys, I've been looking though the site and I swear there was a whole section about how best to deal with secrets access and lambdas... Like an "easiest, better, best" thing. Am I going crazy?
r

Ross Coundon

04/08/2022, 11:05 AM
This the one?
b

Brinsley

04/08/2022, 11:32 AM
Legend!
t

thdxr

04/08/2022, 11:53 AM
Imo number 3 is the only good option, we're going to build some tooling to make it easier so I suggest using that right now
b

Brinsley

04/08/2022, 12:41 PM
Yea I know, started a new job a couple of weeks ago and someone asked about exposing secrets. I knew I'd read something here so thought I'd direct them to it.
j

justindra

04/08/2022, 1:57 PM
@thdxr something I've been meaning to investigate at some point is whether or not we can get it from a third party for option 3 instead of SSM. The one I'm thinking of is 1password as they have a CLI as well. Any suggestions?
t

thdxr

04/08/2022, 1:58 PM
yes you can definitely get it from anywhere but there are benefits to doing it through SSM as we're planning to have our console directly integrate
it will need to happen every cold start so keeping it within AWS has benefits
j

justindra

04/08/2022, 2:02 PM
Yea the issue I have and maybe I'm doing this the wrong way is when setting up new environments I have to duplicate all of our SSM parameters in there and we have a lot of API keys etc which other than production or qa most use the same dev keys