
Hanane Kacemi

Postman and AWS Secrets Manager

Hello,
Recently, the project (website) I am working on was attacked :( We decided it's time to analyse the code to find whether there are any vulnerabilities to correct in order to improve security (so we postponed the work that we had planned to do to implement new features). We were shocked to discover that many credentials that we use to access APIs are hardcoded in the application! We have decided to use AWS Secrets Manager to manage the different API passwords used in our app.

I had never worked with AWS Secrets Manager, so it was an opportunity for me to use it. Here are the first steps that allowed me to retrieve my password from AWS Secrets Manager using Postman:

  1. I created a key/value pair in AWS Secrets Manager; it's simple and well explained at this link:
    https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html#tutorial-basic-step1

  2. In order to access the stored value, I added the permission policy SecretsManagerReadWrite; more information is in the documentation:
    https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html

  3. Everything is ready to test retrieving the value via Postman:
    the endpoint: https://secretsmanager.REGION_ID.amazonaws.com/GetSecretValue
    image

In the body, I specified the secretId that I took from AWS Secrets Manager:
image

And voilà, the result:
image
