No matter how much time and effort we spend on application security, it is always less. But simple workflows for things like secret management, key rotation and password expiration go a long way in making our applications and infrastructure resilient against the obvious attack vectors.
This post is contributed by Massimo Re Ferre – Principal Developer Advocate, AWS Container Services. Cloud security at AWS is the highest priority and the work that the Containers team is doing is a testament to that.
We’re going to take a quick look at storing secrets accessed by our serverless Lambda functions in AWS using the recently (April ’18) announced AWS Secrets Manager. The Secrets Manager main aim is to help you store, distribute and rotate credentials securely. Secrets come at $0.
An important aspect of running ASP.NET Core apps in the cloud is how you secure the secrets your app requires, things like connection strings and API keys.