Secrets Management Made Easy on AWS


Cost of Automating vs. Cost of Managing

Secrets management is one of those things that becomes more and more important as successful small companies grow into successful bigger companies.  At first, with a small group of trusted developers, we tend to ignore secrets management entirely.  As we grow larger, we often patch together technology and process to meet the security requirements of secrets management without the need of scoping and implementing an entirely automated solution.  At some point, the ongoing cost of managing the manual process exceeds the cost of biting the bullet and implementing a proper, fully automated solution.

Although this lifecycle may still be the case for some, new solutions have lowered the cost of implementing a fully automated solution to the point that pretty much everyone should be jumping straight to the finish line, and implementing a proper secrets management solution from the start.   AWS Secrets Manager is one of these.  If your infrastructure is running on AWS, there is no longer any excuse to avoid secrets management.

Case Study

We recently did an implementation for Blast Motion, who aggregate and analyze athletic performance metrics and are running on AWS with apps running in Elastic Beanstalk.  Clearly they value automation, with a fully automated, container-based deployment pipeline and a fully automated infrastructure.  When they asked for a secrets management solution, AWS Secrets Manager fit the bill.

We configured AWS Secrets Manager and assisted with integrating it into their application.  The first set of credentials was the database credentials.  The configuration was captured in code and provisioned with Terraform, ensuring that we maintain all of our infrastructure as code.  From here, we assisted the application development team with the application integration.  In no time, they were up and running.


With relatively little effort, Blast Motion now enjoys high confidence that they can rotate keys and otherwise manage key lifecycle with almost no management overhead.  This further strengthens and improves the reliability of their end-to-end encryption model, which includes both mobile and web-based applications.  Have you automated your secrets management yet? Are you using AWS Secrets Manager?  HashiCorp’s Vault?  Other tools?  Let us know!
