Learn how to securely manage API keys in code for HTTP API integration without affecting application performance. Find out the best solution for this common scenario.
Table of Contents
Question
A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.
The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.
Which solution will meet these requirements MOST securely?
A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
B. Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.
C. Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
D. Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
Answer
A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
Explanation
The correct answer is A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
The reason is that AWS Secrets Manager is a service that can securely store and manage secrets, such as API keys, passwords, tokens, or certificates. Secrets Manager can also rotate secrets automatically and integrate with other AWS services, such as Lambda, API Gateway, or IAM. Secrets Manager can help to protect the API credentials from unauthorized access and reduce the risk of exposing them in plain text or hard coding them in the application code.
To meet the requirements, the company can store the API credentials in Secrets Manager and retrieve them at runtime by using the AWS SDK for the programming language. The company can use the GetSecretValue API operation to get the secret value from Secrets Manager and use it to make the API call to the third party. The company can also use IAM policies or resource-based policies to control who can access or modify the secret in Secrets Manager.
Therefore, storing the API credentials in Secrets Manager and retrieving them at runtime by using the AWS SDK will meet these requirements most securely.
The other options are incorrect because they are not secure or efficient:
B. Storing the API credentials in a local code variable and pushing the code to a secure Git repository is not secure. This option exposes the API credentials in plain text in the application code, which can be easily compromised or leaked. Moreover, this option does not allow changing or rotating the API credentials without modifying and redeploying the application code.
C. Storing the API credentials as an object in a private S3 bucket and retrieving them at runtime by using the AWS SDK is not efficient. This option requires additional steps and costs to store and access the object in S3. Moreover, this option does not provide automatic rotation or integration with other AWS services for the API credentials.
D. Storing the API credentials in a DynamoDB table and retrieving them at runtime by using the AWS SDK is not efficient. This option requires additional steps and costs to store and access the data in DynamoDB. Moreover, this option does not provide automatic rotation or integration with other AWS services for the API credentials.
The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.
