Hey everyone! We're managing a third-party app that needs a lot of oversight when it comes to API keys, which are currently stored locally on our SaaS platform. We're thinking about migrating these keys to AWS Secrets Manager for a more centralized solution where our customers can access them.
However, I'm a bit stuck on how to manage access. If I, for example, create and store keys x, y, and z for customers 1, 2, and 3, how do I set up control measures? Also, can I provide clients with a link to access their specific keys, or is programmatic access the only way?
2 Answers
I don't think AWS Secrets Manager is the best choice for this. Just to clarify, these API keys are ones your service generates for customers, right? Secrets Manager tends to be more suited for secrets your service needs to keep private, like database connection strings or third-party API keys, so it might get pricey for your needs.
You're definitely on the right track, but remember, instead of sharing secrets, you might want to establish a trust model. For example, you can use public keys where customers trust your public fingerprint. This way, there's no need for exchanging private keys or tokens, which can help maintain security.
Related Questions
Glassmorphism CSS Generator with Live Preview
Remove Duplicate Items From List
EAN Validator
EAN Generator
Cloudflare Cache Detector
HTTP Status Code Check