Hanane Kacemi

Postman and AWS Secrets Manager

Hello,
Recently, the project (website) I am working on was attacked :( We decided it's time to analyse the code to find whether there are any vulnerabilities to correct in order to improve security (so we postponed the work that we had planned to do to implement new features). We were shocked to discover that many credentials that we use to access APIs are hardcoded in the application! We have decided to use AWS Secrets Manager to manage the different API passwords used in our app.

I had never worked with AWS Secrets Manager, so this was an opportunity for me to use it. Here are the first steps that allowed me to retrieve my password from AWS Secrets Manager using Postman:

  1. I created a key/value pair in AWS Secrets Manager; it's simple and well explained at this link:
    https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html#tutorial-basic-step1

  2. In order to access the stored value, I added the permission policy SecretsManagerReadWrite; more information is in the documentation:
    https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html

  3. Everything is ready to test retrieving the value via Postman:
    the endpoint: https://secretsmanager.REGION_ID.amazonaws.com/GetSecretValue

In the body, I specified the secretId that I took from AWS Secrets Manager:

And voilà, the result:
