AWS Security Hub VS AWS Secrets Manager

AWS Security Hub for centralized security monitoring, providing a comprehensive view of your security state within AWS. - Source: dev.to / about 1 month ago

AWS Security Hub is the service for your cloud security posture management. And this works for smaller organizations and when you don’t have your own config rules. Security Hub will only show you the compliance scores of standards that AWS provides. Plus, it will not give you historical insight of the scores. This does not need to be a problem. Having historical insight can help a lot when you interact with the... - Source: dev.to / 2 months ago

References Https://aws.amazon.com/security/ Https://www.terraform.io/ Https://aws.amazon.com/waf/ Https://aws.amazon.com/security-hub/ Https://registry.terraform.io/providers/hashicorp/aws/latest/docs AWS Security Best Practices: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf. - Source: dev.to / about 1 year ago

MetaHub is a command line utility for AWS Security Hub that lets you work with multiple standards, multiple checks, and thousands of findings in a very simple and advanced way by sorting, aggregating, filtering, and updating your data. In addition, MetaHub adds MetaChecks, an effortless and flexible way to do any tests on top of your resources to improve the level of confidence in your findings. Source: over 1 year ago

On top of this, AWS has several tools aimed toward centralized observability and security, which all support and promote multi-account strategies such as AWS Security Hub, AWS Config and AWS GuardDuty. - Source: dev.to / over 1 year ago

Edit WhatsApp configuration values in Facebook Developer in AWS Secrets Manager console. - Source: dev.to / about 2 months ago

If you’re asking yourself where you should be keeping secrets, you should be using a secrets manager. Two examples include Doppler (https://doppler.com). - Source: Hacker News / 2 months ago

A secrets management service would be most convenient. Documentation makes them easy to set up without having to build anything extra yourself. A secrets manager like Doppler (https://Doppler.com) has the advantage of protecting your secrets in a secure place and the advantage of minimizing exposure of those secrets - even to your own developers. That way, you don't end up with a data breach that could have easily... - Source: Hacker News / 3 months ago

It seems like they made a lot of assumptions that something like this wouldn't happen. They assumed employees would never leak secret information, and that their GitHub repos would never be exposed. They could've used https://doppler.com) and never had this problem. It's a little too easy to get comfortable thinking things work well the way they are. This should be a warning to other companies to seriously... - Source: Hacker News / 3 months ago

AWS Secrets Manager is a fully managed service that simplifies the storage and retrieval of secrets within the AWS ecosystem. It integrates seamlessly with Kubernetes deployments, providing a scalable and secure solution for secret management. - Source: dev.to / 4 months ago