Alexa-MyQGarage
Alexa-MyQGarage copied to clipboard
Don't require users to embed passwords in source
AWS Lambda provides a feature called "encryption helpers" that makes it super simple to store secrets encrypted in environment variables, rather than modifying the source to include the unencrypted secrets.
To use this:
- Navigate to the IAM console in AWS
- Create a new encryption key
- Grant use privileges for that key to the role that you're using for the lambda function
- In the Lambda console, go to the configuration for the lambda function
- At the bottom, enter the secret(s) (e.g. username and password) into environment variables, and use the encryption helper to encrypt them.
- Use the "code" button next to each environment variable to get a code snippet of how to use it.
I've modified main.py to use encryption helpers and attached it (also changed from print to logging for debug output).
Hi Eric,
I have personally toyed with this feature myself before and unfortunately, I don't think that this service is provided as free service by AWS. I think they charge a fee for every encryption key that you maintain. Can you verify that I was not mistaken about this?
Thanks!
tigerbrain
That is correct- there is a $1.00 USD charge per key per month. KMS Pricing