Good post on how and where to store your secrets when working in a Serverless / Cloud Environment — something I was wondering about myself a little while ago.
Serverless applications and cloud functions often need to communicate with an upstream API or service. Perhaps they require a username and password to connect to a database, an API key to talk to an upstream service, or a certificate to authenticate to an API. This raises questions like: How do I manage secrets in serverless environments? How do I get credentials into my serverless lambda or cloud function? How can I use secrets in AWS Lambda or Google Cloud Functions?
This post describes common patterns and approaches for managing secrets in serverless, including the benefits and drawbacks of each approach.
🌍 If you’re using Terraform then the google_kms_secret data source will come in handy.
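A sketch of how the google_kms_secret data source can feed a decrypted value to a Cloud Function, added here as an example and not taken from the linked post. The variable names, function name, runtime, bucket and object are placeholders; the ciphertext is assumed to have been produced beforehand by encrypting the secret with the same KMS key.

```hcl
# Added example: all names and values below are placeholders.

variable "kms_crypto_key_id" {
  description = "ID of an existing Cloud KMS CryptoKey used to encrypt the secret"
  type        = string
}

variable "db_password_ciphertext" {
  description = "Base64 ciphertext of the database password, encrypted with the key above"
  type        = string
}

# Decrypts the ciphertext at plan/apply time using the caller's KMS permissions.
# Only the ciphertext needs to live in version control.
data "google_kms_secret" "db_password" {
  crypto_key = var.kms_crypto_key_id
  ciphertext = var.db_password_ciphertext
}

resource "google_cloudfunctions_function" "api" {
  name                  = "example-api"      # placeholder
  runtime               = "python39"         # placeholder
  entry_point           = "handler"          # placeholder
  trigger_http          = true
  source_archive_bucket = "example-bucket"   # placeholder
  source_archive_object = "function.zip"     # placeholder

  # The decrypted value is injected as an environment variable.
  # Caveat: the plaintext is also written to the Terraform state file,
  # and is visible to anyone who can read the function's configuration.
  environment_variables = {
    DB_PASSWORD = data.google_kms_secret.db_password.plaintext
  }
}
```

Because the decrypted value lands in state, keep the state in a remote backend with encryption and tight access control, and restrict decrypt permission on the key to the identities that run Terraform.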