Good post on how and where to store your secrets when working in a Serverless / Cloud Environment — something I was wondering about myself a little while ago.
Serverless applications and cloud functions often need to communicate with an upstream API or service. Perhaps they require a username and password to connect to a database, an API key to talk to an upstream service, or a certificate to authenticate to an API. This raises questions like: How do I manage secrets in serverless environments? How do I get credentials into my serverless lambda or cloud function? How can I use secrets in AWS Lambda or Google Cloud Functions?
This post describes common patterns and approaches for managing secrets in serverless, including the benefits and drawbacks of each approach.
If you’re using Terraform then the google_kms_secret data source will come in handy.
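A sketch of how that data source can be wired into a Cloud Function, added here as an illustration and not taken from the linked post. The project, key ring, key, bucket and function names are placeholders, and the ciphertext is assumed to have been produced out of band with the same Cloud KMS key.

```hcl
# Added example: all names and values below are placeholders.
# The ciphertext is the base64-encoded output of encrypting the secret
# with the Cloud KMS key (for instance via `gcloud kms encrypt`), so only
# the encrypted form is committed to version control.
data "google_kms_secret" "db_password" {
  crypto_key = "projects/EXAMPLE_PROJECT/locations/global/keyRings/EXAMPLE_RING/cryptoKeys/EXAMPLE_KEY"
  ciphertext = "REPLACE_WITH_BASE64_CIPHERTEXT"
}

resource "google_cloudfunctions_function" "api" {
  name                  = "example-api"
  runtime               = "python39"
  entry_point           = "handler"
  trigger_http          = true
  source_archive_bucket = "example-source-bucket"
  source_archive_object = "function.zip"

  # Terraform decrypts at plan/apply time and hands the function the
  # plaintext as an environment variable.
  environment_variables = {
    DB_PASSWORD = data.google_kms_secret.db_password.plaintext
  }
}
```

The data source keeps the secret out of the .tf files, but the decrypted value is still written to the Terraform state and is visible in the function's configuration, so the state backend and access to the function's settings need to be restricted accordingly.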