DEV Community

loading...

Postman and AWS secrets Manager

hanane kacemi
PHP Backend developer & Scrum Master. I love reading books, journaling, cooking and also meeting new people :)
・1 min read

Hello,
Recently, the project (website) I am working on was attacked :( we decided it's time to analyse the code to find if there is any vulnerabilities to correct in order to improve the security (so we postpone the work that we had plan to do to implement new features). We were shocked to discover that many credentials that we use to access API are hardcoded in the application! we have decided to use AWS Secrets Manager in order to manage different passwords of API used in our app.

I never worked with AWS Secrets Manager, so it was for me the opportunity to use it. Here is the first steps that allow me to retrieve my password from AWS Secrets Manager using Postman :

  1. I created a pair of value, key at AWS Secrets Manager, it's simple and well explained at this link :
    https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html#tutorial-basic-step1

  2. In order to access to the value stored, I added a Permission Policy SecretsManagerReadWrite, more information at the documentation :
    https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html

  3. Everything is ready to test retrieving the value via Postman :
    the Endpoint : https://secretsmanager.REGION_ID.amazonaws.com/GetSecretValue
    image

In the body, I specified the secretId that I took from AWS Secrets Manager:
image

and voila, the result :
image

Discussion (0)