Passing the password securely

Question

Passing the password securely

Opened this issue a year ago · 2 comments

Hi there,

Thanks for the great work.

I have a question: is there any possible method to pass the password securely e.g. using a Secret?

Currently, as the password is passed as a string, it is exposed in the resulting CloudFormation template and in the lambda logs.

My attempts to use

someSecret.secretValue.toString()

end up in unresolved references passed to the lambda like this:

{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:bla-bla-bla:SecretString:::}}

Any ideas?

Answer 1 · 2023-12-21T13:52:26.000Z

hey @serge-loboda did you ever come up with a solution for this? I ran into the same issue and am reluctant to hardcode the password in my CDK code but there doesn't seem to be another option.

Answer 2 · 2023-12-30T09:47:38.000Z

Hello @johnboy-leeds ,
Unfortunately, I could not resolve this using AWS CDK only. I ended up creating users in a different place of my pipeline, not in the CDK application.