mikemaas-amazon
commented
5 years ago Yes, those should be considered secret and not be committed to a source repo. Getting the secret values from SecretsManager is a good approach as the interface is pretty easy to use and you can then tighten down access to the secret even further through policies/roles, etc.
More information on the API at https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
Also, there are wrapper SDKs for that call for several toolchains at https://aws.amazon.com/tools/
Hi,
Understood the answer is probably yes, but wanted to ask whether my skill ID, Alexa Developer vendor ID, and/or Alexa Developer customer ID are considered a secret?
I'm creating an Alexa smart home demo project and want to know whether I can include my personal values in the public git repo or whether I should obscure them, e.g. reference them with secrets manager / SSM.