DEV Community 👩‍💻👨‍💻

Discussion on: Where do you keep credentials for your Lambda functions?

darrintisdale profile image
Darrin Tisdale

But then they are exposed to all apps with the Fargate execution space. Security now has to move away from the OS container and towards the app itself.

pdamra profile image
Philip Damra

What do you mean by "exposed to all apps with the Fargate execution space?" Each application has its own image, with its own run script (bash). The run script makes the request to AWS SSM and sets the environment variables before it starts the application. The secrets are only available in the container OS. The app can only read them.