by shog_hn
1791 days ago
This looks interesting. All the best for your release! I have a few small feedback items:

- The AWS Account ID is not very well blanked out in your documentation. I can easily see what the actual digits are (under the red scratched-out parts).
- I realise English is not your first language, but there are many typos and mistakes in the documentation. Once you get a bit further on, it'll be worth sending it to someone to do an edit pass to clean it up a little :)
- Some of the AWS terms are incorrectly written in the documentation. For example 'SecureSecret' instead of 'SecureString'.
- On the subject of secrets, would a better option not be to store a Secret using AWS Secrets Manager with the value you need to acquire? Also, I know you mention that the secret value is used and never stored, but how do we know that? If you have access to the secret via ARN and IAM policy, then in theory if your SaaS was compromised, the secret is still retrievable from the customer's account. How about using something like Vault to store secrets?
You could do that, but you can also throw money in the bin. Secrets Manager is basically a paid-for wrapper around SSM Parameter Store. Last I checked, the only nice thing it had was automatic key rotation. The price for that? 50 cents per secret per month. That will add up pretty quick.