I'm working with AWS Lambda and I need to encrypt some of my variable values. However, I want to avoid using KMS or Secrets Manager for this task. What's the best approach to encrypt these variables and then decrypt them in my code to obtain the actual values? Any suggestions would be helpful!
5 Answers
Using your own approach for encryption is fine, especially if you're managing everything solo. You could save the encrypted variables in a database, but keep in mind the maintenance and availability if your project grows.
You might want to rethink avoiding KMS or Secrets Manager. They can add some overhead, but they also help prevent significant security risks. Just make sure your reasons for skipping them are solid.
Have you considered using SSM Parameter Store instead? It’s a good alternative for secure storage of your variables if you’re not keen on KMS or Secrets Manager.
Can you share a bit more about what you're trying to achieve? What’s the data you're dealing with and why don't you think KMS fits your needs? Just a heads-up that encryption can get pretty complicated!
If you’re insisting on not using KMS or Secrets Manager, you’ll need to handle encryption and decryption yourself. Make sure to use a reliable client-side encryption library. But remember, securing the secret key you use for encryption is crucial!
Maybe just encrypt the key itself too, right? That way, it adds another layer of security!

I understand the concern, but I'd like to explore other options too!
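The self-managed route described in the answers above, shown with Node.js's built-in `crypto` module and AES-256-GCM; this is an added example, not code posted by anyone in the thread. The function names, the `v1.iv.tag.ciphertext` string format and the binding of the variable name as associated data are assumptions of this example, and the key is generated inline only for the demo, since where the real key lives is the part the thread leaves open.

```javascript
const crypto = require("crypto");

const VERSION = "v1"; // format marker (assumption of this example)

function checkKey(key) {
  if (!Buffer.isBuffer(key) || key.length !== 32) throw new Error("key must be a 32-byte Buffer");
}

// Encrypt one variable value. The variable name is authenticated as AAD,
// so a ciphertext stored under one name will not decrypt under another.
function sealValue(key, name, plaintext) {
  checkKey(key);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(name, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  return [VERSION, ...[iv, tag, ct].map((b) => b.toString("base64"))].join(".");
}

// Decrypt and verify. Throws on a wrong key, wrong name, or any modification.
function openValue(key, name, sealed) {
  checkKey(key);
  const parts = String(sealed).split(".");
  if (parts.length !== 4 || parts[0] !== VERSION) throw new Error("unrecognised format");
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, "base64"));
  if (iv.length !== 12 || tag.length !== 16) throw new Error("malformed value");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(name, "utf8"));
  decipher.setAuthTag(tag);
  // final() throws if the tag does not verify; no plaintext is returned in that case.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Convenience wrapper: null instead of an exception on any failure.
function tryOpen(key, name, sealed) {
  try { return openValue(key, name, sealed); } catch { return null; }
}

// Demo with constructed values; the key here is random and exists only for this run.
const demoKey = crypto.randomBytes(32);
const sealed = sealValue(demoKey, "DB_PASSWORD", "constructed-sample-password");
console.log("stored value:", sealed);
console.log("decrypted:", openValue(demoKey, "DB_PASSWORD", sealed));
console.log("under another name:", tryOpen(demoKey, "API_TOKEN", sealed));
```

The sealed string is what would go into the Lambda environment variable; the function needs the same 32-byte key at runtime to call `openValue`.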