Open tuongngova opened 1 year ago
@pjhill - can we get this item on the docket to discuss in an upcoming CoP meeting. I could see this additionally being a nice little reliability item so gonna cc: @BillChapmanUSDS & @ericboehs
Added to DevOps COP meeting agenda for the week -- https://vfs.atlassian.net/wiki/spaces/DO/pages/2708963329/07+20+2023
Status check: @pjhill Has there been any progress on this item? Is it still under consideration or still active in some capacity?
Hi @pjhill - checking in to see if this one is still active/has any updates. Or can it be closed? Thanks!
Hi @pjhill -- checking the status of this issue. Is it in progress? Backlog? Closed? Thanks!
Hi @pjhill - did this ever make it into backlog/is it active? Or is it safe to say it's closed?
Describe the problem
Right now Parameter Store is being used as storage for secrets in EKS cluster. There are certain secrets such as database passwords that need to be rotated after a certain amount of time. Utilizing secret manager can help address this need while Parameter Store doesn't offer such out-of-the-box feature. The size limit of secret manager is 10KB vs 8KB for Parameter Store which means we can store more data for a secret in Secret Manager. The data in secret manager is encrypted with KMS so it's secured. Secret Manager has a direct integration with many types of AWS supported databases.
Who will benefit
All of the vets-api, sig-in-service included.
Describe your idea
Move data stored in Parameter stored in Secret Manager. The method for pulling the data from secret manager vs from parameter store remains unchanged.
Provide evidence
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
Platform Mission
Other:
No response