re: Where do you keep credentials for your Lambda functions? VIEW POST

TOP OF THREAD FULL DISCUSSION
re: I'd go for KMS. :)
 

at first i thought that too. but then i found SecretsManager ( with the automatic rotation) very handy. Docs state that Secrets Manager integrates with AWS Key Management Service (AWS KMS) but honestly i didnt really where would the difference in using kms directly really lie.

 

The difference on the surface is in pricing:

KMS: $1/key/month, $0.03/10,000 requests
Secrets Manager: $0.40/secret/month, $0.05/10,000 requests

But the practical difference is Secrets Manager integration into services like RDS, Redshift, and DocumentDB, where rotating the secret will automatically update the corresponding passwords in the database.

yep. slightly more expensive, but i find the integration and rotation very very useful.

code of conduct - report abuse