Learn how to use AWS Secrets Manager to store and retrieve API keys securely for your applications. Compare different solutions and understand the benefits of using AWS Secrets Manager over other options.
Table of Contents
Question
A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.
The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.
Which solution will meet these requirements MOST securely?
A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
B. Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.
C. Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
D. Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
Answer
A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
Explanation
The correct answer is A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
To manage the API key by using code, the company should use AWS Secrets Manager, which is a service that helps to securely store and retrieve secrets, such as passwords, API keys, and tokens. AWS Secrets Manager also supports automatic rotation of secrets, which can enhance security and compliance.
The other options are incorrect for the following reasons:
- Option B is incorrect because storing the API credentials in a local code variable is not secure. Anyone who has access to the code or the Git repository can see the API key in plain text. This can expose the company to unauthorized access or data breaches.
- Option C is incorrect because storing the API credentials as an object in a private Amazon S3 bucket is not the best option. Although S3 can encrypt and restrict access to objects, it does not provide any built-in mechanism for rotating or retrieving secrets. The company would have to implement additional logic and policies to manage the API key lifecycle.
- Option D is incorrect because storing the API credentials in an Amazon DynamoDB table is not the best option. Although DynamoDB can encrypt and restrict access to data, it does not provide any built-in mechanism for rotating or retrieving secrets. The company would have to implement additional logic and policies to manage the API key lifecycle.
The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.
