If you're using AWS, Parameter Store is pretty good! You can set permissions, have different keys for different environments, and lock them with keys. If you need more advanced functionality there are other options too.
Got it! Based on your comment / some googling it sounds like the common use case is for managing internal secrets.
Do you think it's a good fit if you want to use it for managing API keys for your public API (you want your customers to generate a key and use it to call your API)? The 10k parameter limit per AWS account might conflict with that use case.
It's part of the authorization. The only thing I can think of is the use of JWT for auth.
You log into one and get a JWT and the application checks it.
I'm not so much talking about the type of token issued (JWT/Opaque), but more about the service that manages issuing and revoking keys. (i.e. something similar to what Stripe has on their developer portal https://stripe.com/docs/keys).
It seems like in-house is the way to go since there are no other alternatives.
Things we would have to build:
- Generating API Keys (with expiry)
- Storing API Keys securely
- Revoking API Keys
- Adding metadata to API Keys
It seems like there could be a generic API to power all of that, while still enabling applications to be opinionated about whether the incoming request is authenticated and has the right permissions.
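Added example, not part of the thread and not any poster's code: a sketch of the four items listed above (issue with expiry, store securely, revoke, attach metadata). The `ApiKeyStore` class, the `ak_` prefix and the in-memory dict standing in for a database table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

class ApiKeyStore:
    """In-memory stand-in (assumption) for a database table keyed by key_id."""

    def __init__(self):
        self._rows = {}  # key_id -> record; the raw secret is never stored

    def issue(self, owner, ttl_seconds, metadata=None, now=None):
        now = time.time() if now is None else now
        key_id = secrets.token_hex(8)        # public lookup handle
        secret = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._rows[key_id] = {
            "owner": owner,
            # A plain SHA-256 is adequate here only because the secret is
            # high-entropy random data, not a user-chosen password.
            "hash": hashlib.sha256(secret.encode()).digest(),
            "expires_at": now + ttl_seconds,
            "revoked": False,
            "metadata": dict(metadata or {}),
        }
        # Shown to the customer once; only the hash is kept server-side.
        return f"ak_{key_id}_{secret}"

    def revoke(self, key_id):
        row = self._rows.get(key_id)
        if row is None:
            return False
        row["revoked"] = True
        return True

    def verify(self, presented, now=None):
        """Return owner and metadata for a valid key, else None."""
        now = time.time() if now is None else now
        parts = presented.split("_", 2)  # the secret itself may contain "_"
        if len(parts) != 3 or parts[0] != "ak":
            return None
        row = self._rows.get(parts[1])
        if row is None:
            return None
        candidate = hashlib.sha256(parts[2].encode()).digest()
        if not hmac.compare_digest(candidate, row["hash"]):  # constant-time
            return None
        if row["revoked"] or now >= row["expires_at"]:
            return None
        return {"owner": row["owner"], "metadata": row["metadata"]}
```

`verify` only answers whether the key is live and whose it is; the calling application decides what the returned metadata permits.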