Amazon Key Management Service Reviews and details

Social recommendations and mentions

• Limitless: Personalized AI powered by what you've seen, said, and heard

  Confidential Cloud is similar to end-to-end encryption, but with the added benefit of letting your personalized AI work for you even when you aren’t using the app. You control who can decrypt your data Your employer, we as software providers, and the government cannot decrypt your data without your permission, even with a subpoena to do so. Your data is anonymized There is an initial mapping from... - Source: Hacker News / 12 days ago

• Programmatically retrieving secrets from Parameter Store and Secrets Manager

  The function's execution role must have the relevant IAM permissions. If we allow the ssm:GetParameters, ssm:GetParameter and ssm:GetParametersByPath actions in the role's policy, the function will be able to retrieve various types and numbers of parameters. If we choose to encrypt the secret with a customer-managed KMS key (i.e., not the default AWS-managed key), we must add the kms:Decrypt permission to the... - Source: dev.to / 9 months ago

• Cloud Test Automation on AWS: The Role of QA Engineers

  Security and secrets management - Experience with tools like AWS Secrets Manager, AWS Key Management Service (KMS), AWS Web Application Firewall (WAF) for secure secrets management and overall system security adds an extra layer of expertise to the QA Engineer's skill set. - Source: dev.to / 10 months ago

• DevSecOps with AWS – ChatOps with AWS and AWS Developer Tools – Part 1

  AWS Key Management Service (AWS KMS): lets you create, manage, and control cryptographic keys across your applications and more than 100 AWS services. - Source: dev.to / about 1 year ago

• Ensuring secure values by private keys in AWS (KMS, SSM, Secrets Manager)

  This "protection" layer of our sensitive value is based on the composition of two AWS services: Key Management Service is the one responsible for creating the private key which will be used to encrypt our value, then Secret Manager or System Manager: Parameters Store allow us to accomplish the same functionality but they differ on some caveats, since the chosen one will be used for saving the secured encrypted... - Source: dev.to / about 1 year ago

• Serverless & Well Architected

  Simply put, how are you securing your app? Are you using authorization and authentication with IAM users, roles, and policies to limit access to your resources? Setting up permission boundaries and using KMS keys for encryption? This can look like any number of measures, but the important idea here is, are you thinking about how to secure your app? Some of the questions in this space may not be applicable. This... - Source: dev.to / about 1 year ago

• Is there a way to pass secrets in cloud-init using Terraform?

  This does assume that there's some way in your chosen compute platform for a VM to authenticate itself to a service without a chicken/egg problem where you'd first need to issue it credentials. In EC2, for example, we can use Instance Profiles to allow an EC2 instance to assume an IAM role, which can then in turn give it access to retrieve a secret from another AWS service such as SSM Parameter Store or KMS. Source: about 1 year ago

• Deploy Amazon IVS Live Streams and Chat with Terraform

  This examples creates a new asymmetric key pair using Amazon Key Management Service (KMS), creates a new Playback Key Pair using the key's public key material, and creates a channel requiring authorization:. - Source: dev.to / over 1 year ago

• Secure your connection string with AWS KMS

  One simple way to avoid this is to use environment variables so that sensitive information can be stored in the system that runs the code, as opposed to the code itself. If you are building backend services in AWS, there is actually a way to secure those environment variables even further by encrypting them using a managed key in the AWS KMS service. This article explains what KMS is and how you can use it within... - Source: dev.to / over 1 year ago

• Verifying data integrity with KMS asymmetric keys

  TLS and data encryption can address the first bullet point. Key Management Service (KMS) provides both symmetric keys with envelope encryption and asymmetric keypairs to encrypt and decrypt data. - Source: dev.to / over 1 year ago

• Cloud-native development with AWS – Part 1 – Secure IDEs Cloud9 Setup

  AWS Key Management Service (AWS KMS): lets you create, manage, and control cryptographic keys across your applications and more than 100 AWS services. - Source: dev.to / over 1 year ago

• Encrypt auto created log groups from AWS Lambda with AWS CDK

  However, sometimes it is necessary - for example, because of compliance guidelines - to encrypt the logs with a customer managed key. No problem, you can use AWS Key Management Service (AWS KMS) for this encryption. - Source: dev.to / over 1 year ago

• Securing S3 uploads and downloads with Origin Access Control

  Set up server-side encryption with a customer-managed KMS key. - Source: dev.to / over 1 year ago

• Serverless Event Driven AI as a Service

  On top of the EventBus itself, something that I've personally found very useful is to deploy a catch-all rule and set the target as a Cloudwatch Log Group (which can be encrypted by KMS if required too). This means all events are logged (and thus can be queried in CloudWatch too) . If you've ever setup an Event Bus then you can find it quite frustrating if you are sending events and "nothing" is happening as maybe... - Source: dev.to / over 1 year ago

• A different way of retrieving secrets in Lambda functions

  Permissions - The extension will use the Lambda function's execution role. We must give the role ssm:GetParameter permission for the given secret. If the secret is a SecureString, we should also add the kms:Decrypt permission to the KMS key that encrypts the secret. - Source: dev.to / over 1 year ago

• Setting up the correct permissions for cross-region replication of KMS-encrypted objects

  We'll apply server-side encryption with a KMS-managed key. We'll have to create a new key in us-east-1 that S3 uses to encrypt the objects. - Source: dev.to / over 1 year ago

• DevSecOps with AWS - Multi Environment deployments - Part 2

  AWS Key Management Service (AWS KMS): lets you create, manage, and control cryptographic keys across your applications and more than 100 AWS services. - Source: dev.to / over 1 year ago

• A case for secure web3 operations

  This makes private keys more sensitive than your average application secret, so storing them in plaintext in a dot-env file in a server where half the dev team has ssh access is not a good idea. It is key (pun intended) to leverage key management solutions that can keep the key safely stored. There are managed cloud-based options, such as GCP KMS or AWS KMS, self-managed like Hashi Vault, and even hardware... - Source: dev.to / over 1 year ago

• How to store private key on a VPS in a secure manner?

  Have a look at https://aws.amazon.com/kms/ or https://cloud.google.com/security-key-management. Source: over 1 year ago

• How to work around Vercel's 4kb environment restriction

  Many platforms have sophisticated solutions for this, like AWS KMS and Docker Secrets. The idea is that these tools hold the secret in encrypted form and provides it to the application at runtime. - Source: dev.to / almost 2 years ago

• .NET and Amazon Elastic Container Registry (ECR)

  As with the rest of AWS services, ECR is built on top of other services. For example, Amazon ECR stores container images in Amazon S3 buckets so that server-side encryption is available by default. Or, if needed, you can use server-side encryption with KMS keys stored in AWS Key Management Service (AWS KMS), all of which you can configure as you create the registry. As you can likely guess, IAM manages access... - Source: dev.to / almost 2 years ago