I'm working with AWS Lambda and need to handle environment variables securely. I'm looking for a way to encrypt these variables without using AWS KMS or Secrets Manager. Is there a method to encrypt them myself, and how can I decrypt the values in my code to access the actual data?
4 Answers
Just curious—what's your end goal? Why not KMS? Understanding your needs better could help find a more suitable solution. Encryption can get complicated, and going for a custom solution might introduce vulnerabilities if not done right.
While it’s definitely possible to manage your own encryption, it's worth evaluating if the reasons to steer clear of KMS or Secrets Manager are justifiable. If it’s about cost or complexity, make sure you’re fully aware of the potential security risks involved.
Have you considered using AWS Systems Manager Parameter Store instead? It offers encryption without needing KMS directly, and it’s generally a good option for securely managing parameters in AWS environments.
If you're avoiding KMS and Secrets Manager, you can handle encryption and decryption on your own with a solid client-side encryption library. Just remember, if you're going this route, you'll have to securely manage your encryption keys, which can be tricky. You could, for instance, encrypt the keys themselves too, but that adds complexity.

Exactly! As an alternative, just make sure you keep track of your keys safely. It can get messy without the built-in AWS services.
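
The self-managed approach described in the last answer, as an added example that is not code from any of the posters: AES-256-GCM from Node's built-in `crypto` module, with the variable name bound in as associated data so a ciphertext cannot be moved to another variable unnoticed. It assumes a Node.js Lambda runtime and a 32-byte key that the caller obtains from somewhere other than the function's environment variables; `readSecret`, `DB_PASSWORD` and the sample values are hypothetical.

```javascript
// Added example: authenticated encryption for Lambda environment variable values.
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

const IV_LEN = 12;  // 96-bit nonce, the standard size for GCM
const TAG_LEN = 16; // 128-bit authentication tag

// Run at deploy time. Returns base64(iv || tag || ciphertext) to store as the variable's value.
function encryptEnvValue(name, plaintext, key) {
  if (key.length !== 32) throw new Error("key must be 32 bytes");
  const iv = randomBytes(IV_LEN); // fresh nonce per encryption; never reuse one with the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(name, "utf8")); // bind the ciphertext to this variable name
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Run inside the function. Throws if the value was modified, stored under
// a different variable name, or the key is wrong.
function decryptEnvValue(name, blob, key) {
  const raw = Buffer.from(blob, "base64");
  if (raw.length < IV_LEN + TAG_LEN) throw new Error("ciphertext too short");
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = createDecipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(name, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Hypothetical helper: look up one encrypted variable and decrypt it.
function readSecret(name, key, env = process.env) {
  const blob = env[name];
  if (!blob) throw new Error(`missing environment variable ${name}`);
  return decryptEnvValue(name, blob, key);
}

// Constructed sample: a throwaway key and a fake environment, so this runs offline.
const sampleKey = randomBytes(32);
const sampleEnv = { DB_PASSWORD: encryptEnvValue("DB_PASSWORD", "s3cr3t-example", sampleKey) };
console.log(readSecret("DB_PASSWORD", sampleKey, sampleEnv));
```

The key is the part this code does not solve: if it sits in another environment variable of the same function, anyone who can read the function configuration can decrypt every value.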