dwyl/learn-security

How To Securely Store/Manage (and Share) App Secrets?

Opened this issue · 0 comments

Using Environment Variables dwyl/learn-environment-variables is a good start for keeping secrets safe,
but how the secrets are stored and shared between the team (where appropriate) is often overlooked.

Most of the apps we build have several environment variables, and in the case of AWS_SECRET_ACCESS_KEY, if these are "leaked" it can lead to breaches of personal data, which can lead to identity theft and other traumatic consequences for the people affected.
Where the data of EU citizens is concerned, breaches have to be disclosed/reported to the European Data Protection Supervisor and can result in a fine; it's a headache nobody wants! Also, data breaches destroy the reputation of the organisation (though apparently not in the case of Fb ... 🙄🤦‍♂️)

Todo

  • Create a step-by-step example of how to use AWS KMS (Key Management Service) to encrypt, store and retrieve secrets for a Web Application.

This appears to be a good post on the subject of managing secrets with AWS KMS:
https://segment.com/blog/the-right-way-to-manage-secrets
also: https://blog.ruanbekker.com/blog/2018/04/04/using-aws-ssm-parameter-store-to-retrieve-secrets-encrypted-by-kms-using-python/
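As a starting point for the Todo item above, here is an added example (not dwyl's code, and not taken from either linked post) showing the store/retrieve half of the flow with AWS SSM Parameter Store: secrets are written as `SecureString` parameters, which SSM encrypts with a KMS key, and read back with `WithDecryption=True`, so the application never handles KMS ciphertext directly. It uses the real boto3 `ssm` client method names and response shapes (`put_parameter`, `get_parameter`, `get_parameters_by_path`); the key alias `alias/myapp-secrets`, the parameter path `/myapp/prod/` and the `FakeSSM` stand-in are assumptions made here so the script runs offline.

```python
"""Store and fetch app secrets as KMS-encrypted SSM SecureString parameters,
then load them into the process environment at startup.

Added example, not dwyl's code. Assumed: KMS alias 'alias/myapp-secrets',
parameter path '/myapp/prod/', and an in-memory FakeSSM for offline runs.
"""
import os

SECRET_PATH = "/myapp/prod/"        # assumed naming convention: /<app>/<env>/<NAME>
KMS_KEY_ID = "alias/myapp-secrets"  # assumed alias; point this at your own CMK


def store_secret(ssm, name, value, key_id=KMS_KEY_ID):
    """Write one secret. SSM encrypts Value with the KMS key before storing it.
    Returns the new parameter version (1 on first write, then 2, 3, ...)."""
    resp = ssm.put_parameter(
        Name=SECRET_PATH + name,
        Value=value,
        Type="SecureString",  # 'String' would store the value in plaintext
        KeyId=key_id,
        Overwrite=True,
    )
    return resp["Version"]


def fetch_secret(ssm, name):
    """Read one secret back as plaintext. WithDecryption=True makes SSM call
    kms:Decrypt on the caller's behalf, so the caller's IAM role needs
    ssm:GetParameter on the path AND kms:Decrypt on the key: least privilege
    is enforced by both policies, not just one."""
    resp = ssm.get_parameter(Name=SECRET_PATH + name, WithDecryption=True)
    return resp["Parameter"]["Value"]


def load_secrets_into_env(ssm, path=SECRET_PATH, environ=os.environ):
    """Fetch every secret under `path` and export each as an environment
    variable named after the last path segment, following NextToken
    pagination. Returns the list of variable names that were set."""
    loaded = []
    kwargs = dict(Path=path, Recursive=True, WithDecryption=True)
    while True:
        resp = ssm.get_parameters_by_path(**kwargs)
        for p in resp["Parameters"]:
            env_name = p["Name"].rsplit("/", 1)[-1]
            environ[env_name] = p["Value"]
            loaded.append(env_name)
        token = resp.get("NextToken")
        if not token:
            return loaded
        kwargs["NextToken"] = token


class FakeSSM:
    """Constructed in-memory stand-in for boto3.client('ssm') so the example
    runs offline. It mimics the response shapes only; real SSM encrypts the
    value server-side, this fake just hides it unless WithDecryption is set."""

    def __init__(self):
        self._params = {}

    def put_parameter(self, Name, Value, Type, KeyId=None, Overwrite=False):
        if Name in self._params and not Overwrite:
            raise ValueError("ParameterAlreadyExists")
        version = self._params.get(Name, {}).get("Version", 0) + 1
        self._params[Name] = {"Name": Name, "Value": Value, "Type": Type,
                              "KeyId": KeyId, "Version": version}
        return {"Version": version, "Tier": "Standard"}

    def get_parameter(self, Name, WithDecryption=False):
        p = self._params[Name]
        hidden = p["Type"] == "SecureString" and not WithDecryption
        value = "<ciphertext>" if hidden else p["Value"]
        return {"Parameter": {"Name": Name, "Type": p["Type"],
                              "Value": value, "Version": p["Version"]}}

    def get_parameters_by_path(self, Path, Recursive=False, WithDecryption=False,
                               NextToken=None, MaxResults=1):
        # MaxResults defaults to 1 here (real default is 10) to exercise paging.
        names = sorted(n for n in self._params if n.startswith(Path))
        start = int(NextToken or 0)
        page = names[start:start + MaxResults]
        out = [self.get_parameter(n, WithDecryption)["Parameter"] for n in page]
        resp = {"Parameters": out}
        if start + MaxResults < len(names):
            resp["NextToken"] = str(start + MaxResults)
        return resp


if __name__ == "__main__":
    # For a real account: import boto3; ssm = boto3.client("ssm")
    ssm = FakeSSM()
    store_secret(ssm, "AWS_SECRET_ACCESS_KEY", "constructed-secret-value")
    store_secret(ssm, "DATABASE_URL", "postgres://constructed.example/db")
    env = {}
    print(load_secrets_into_env(ssm, environ=env), sorted(env))
```

Two things the shape of this code is meant to make visible: the sharing problem in the issue is solved by IAM, not by passing values around (a teammate or a deploy role that needs a secret is granted `ssm:GetParameter` on `/myapp/prod/*` plus `kms:Decrypt` on the key, and nothing else), and the plaintext only ever exists in the process that called `fetch_secret`, so rotating a secret is a `store_secret` plus a restart rather than a hunt through `.env` files.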