Storing aws sts credentials efficiently in database or yaml files

talented-joey · October 30, 2023, 4:26pm

Hi,

In my web application, I create AWS credentials for users using AWS STS (Security Token Service) with specific roles (role ARN) and an external identity (external ID). Subsequently, I need to store these credentials in my database to enable users to access various services in their AWS accounts.

What is the most effective way to accomplish this process? Should I store these credentials as variables in YAML files, or is there a more efficient method?

yevgenyp · October 30, 2023, 5:47pm

Usually the best way is to store those in Secret Manager (there are plenty of those vaults, AWS Secrets Manager, 1Password) and then expose them as environment variables. The AWS plugin can then use those environment variables which are exposed.

talented-joey · October 30, 2023, 7:35pm

Due to the need for multiple processes to occur simultaneously, is it possible to provide the environment variable to PluGin in a different way instead of using ENV variables?

yevgenyp · October 30, 2023, 7:35pm

Which plugin are you referring to?

Topic		Replies	Views
CloudQuery Azure configuration for ECS ClientID and Password setup CloudQuery Plugins	8	2	December 13, 2023
Issue with setting environment variables for AWS source config in CloudQuery CloudQuery Plugins	4	3	November 9, 2023
Can authentication secrets be embedded in source.yml config files CloudQuery Plugins	4	0	January 5, 2024
Recommended methods for handling API keys with CloudQuery CloudQuery Plugins	4	8	February 2, 2024
Options for storing multiple aws accounts data in postgres without overwriting CloudQuery Plugins	2	0	January 19, 2024

Storing aws sts credentials efficiently in database or yaml files

Related topics