How to store credentials on AWS using Parameter Store
We can store our credentials or plain-text data in the Parameter Store. Parameters Store comes under System Managers in AWS. It allows us to separate our secrets and configuration data from the code. It can be tagged and organized into hierarchies which can us to manage parameters more easily. It is integrated with AWS Key Management Service (KMS), allowing us to automatically encrypt the data we store. Once we have our data in Parameter, we can centrally and securely reference this data in our scripts, commands, and SSM documents.
Parameter Store provides support to String, StringList, and SecureString.
The standard type of parameter does not come with additional costs whereas the Advanced type of Parameter comes with $0.05 per 10,000 Parameter Store API interactions. To know more about its pricing click here to visit the official AWS pricing page.
In this article, we will create a parameter and store configuration data in it of type SecureString. We will also modify the parameter and see how it maintains multiple versions.
- AWS Account(Create if you don’t have one).
What will we do?
- Login to AWS
- Create a Parameter to store configuration data.
- Edit the Parameter
- Delete the Parameter
Login to AWS
Click here to go to AWS Login Page.
Upon clicking the above link you will see the login page as follows where you can enter your AWS account credentials.
Once you successfully login into your account you will see the main dashboard of AWS as follows.
Create a Parameter to store configuration data.
To create a parameter click on "Services" in the top left of the screen and search for "Systems manager"
Here you see the main dashboard of "Systems Manager". In the left panel click on "Parameter Store" under "Applications Management.
Since I do not have any parameter created in my account in the selected region, I see no parameters on the main dashboard of the Parameter store.
To create a new parameter click on the "Create parameter" button.
Here you can specify the name of the parameter. Proceed with the "Standard" tier parameter and select "SecureString" under the type of the parameter.
You also need to select a KMS key. You can either select it from your current account or another account.
Here we have specified KMS Key ID which belongs to the current account.
Under the value text field, specify the configuration data which needs to be stored in the parameter.
You can optionally add tags to the parameter and click on the "Create parameter" button to create the parameter.
We have successfully created our first parameter and stored the configuration data in it. Click on the parameter we just created to see more information about it.
Here you can see the overview of the parameter we created. If you click on the "Show" button under the "Value" field the value of the configuration that we saved in the parameter will get displayed.
Edit the Parameter
Under the history tab, we can see the number of versions the parameter has in it. Since we have not edited and changed the configuration data in the parameter we created we see only one version.
To change the configuration data or modify the parameter click on the "Edit" button.
Now again we can change the configuration or the parameter details which will create a new version under the same parameter.
Now, let's change the value of the parameter to some other value than we stored earlier.
Once we modify the parameter we can see two revisions under it.
Here, you can see that now we have two revisions in the Parameter.
The one we created for the first time and the other we saved after editing the Parameter.
If you want you can decrypt the revisions to see what all values they have.
To decrypt the values select the "Decrypt all" check-box.
Delete the Parameter
If you no longer need the parameter to be stored, it is better to delete it.
To delete the parameter select the parameter to be deleted and click on the "Delete" button.
Click on the "Delete" button to confirm your deletion and action.
In this article, we saw the steps to create a parameter store to Save configuration data in a secured form. We also saw how the Parameter Store keeps different revisions of the configuration data we saved in it. Lastly, we saw how simple it is to delete the Parameter we created.