An application requires access to a database to retrieve certain information and this action would require the developer to hard-code the credentials. Hard-coding the credentials is not a best practice.
He can securely store encrypted credentials and retrieve them when required, eliminating the need of hard-coding credentials in the application.
Which AWS service would you suggest to the developer?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A.
AWS Secrets Manager helps in securely storing encrypted credentials and ensures retrieval when required.
The use of AWS Secrets Manager eliminates the need for hard-coding credentials in the application.
AWS Encryption SDK is the encryption library that makes client-side encryption best-practice easier.
The encryption libraries facilitate cryptographic services and do not require AWS or any AWS service.
AWS Security Hub gives you a comprehensive view of your high-priority security alerts and security posture across your AWS accounts.
AWS Artifact is a central resource for all the information pertaining to compliance.
AWS artifact provides on-demand access to compliance reports at no additional cost.
Option A is CORRECT as AWS secrets Manager is an easy way to store encrypted credentials and perform on-demand retrieval safely.
Option B is INCORRECT because AWS Encryption SDK does not facilitate storing and retrieving the credentials but makes implementation of the client-side encryption best practices easier.
Option C is INCORRECT because AWS Security Hub facilitates the view of high-priority security alerts and provides a view of the security landscape across AWS accounts.
Option D is INCORRECT as AWS artifacts does not help with the credentials storing and retrieval, but facilitates information pertaining to compliance centrally.
Reference:
https://docs.aws.amazon.com/secretsmanager/ https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html https://aws.amazon.com/security-hub/ https://docs.aws.amazon.com/artifact/The AWS service that would be most suitable for securely storing and retrieving encrypted credentials is AWS Secrets Manager.
AWS Secrets Manager is a fully managed service that enables you to store and retrieve secrets such as database credentials, API keys, and other sensitive data. With AWS Secrets Manager, you can eliminate the need to hard-code secrets in your applications, and you can easily manage and rotate secrets without any downtime.
When you use AWS Secrets Manager, you can store the secrets as key-value pairs, and you can use AWS Identity and Access Management (IAM) to control access to these secrets. You can also use AWS Key Management Service (KMS) to encrypt the secrets and ensure that they are only accessible to authorized users.
To use AWS Secrets Manager, you would need to create a secret, which can be done using the AWS Management Console, AWS CLI, or AWS SDKs. You would then configure your application to retrieve the secret when it needs to access the database or other resource.
Overall, using AWS Secrets Manager would be the most secure and scalable solution for storing and retrieving sensitive information such as database credentials. It provides a central location for managing secrets, eliminates the need for hard-coded credentials, and enables you to easily rotate and manage secrets without any downtime.