Which Secrets Manager to use?
Hey fellow Devs,
I just wanted to ask if anyone has an opinion regarding AWS Secrets Manager or Vault (https://www.vaultproject.io/) to securely store secrets.
For more context - "Secrets Manager enables you to replace hardcoded credentials in your code with an API call to Secrets Manager to retrieve the secret programmatically. Also, you can configure Secrets Manager to automatically rotate the secret for you according to a schedule that you specify."
Trending on Indie Hackers
I mostly use SecureStrings from AWS Systems Manager. Most of the secrets that I'm dealing with are external, so (SendGrid token, etc), so most of the features provided by Secrets Manager aren't relevant to me. Systems Manager is way cheaper for those kinds of things, but if you do need built-in rotation, then I agree with @rsalmond: if you're on AWS, then Secrets Manager is probably the way to go. If not, Vault is probably the way to go.
Thanks @ianwremmel, for introducing Systems Manager. I will check it out too 🙌
I've tested both but used neither in production (I am currently using Google Secret Manager in production however).
Vault provides more features and flexibility but if you're on AWS it's probably a lot simpler to just use AWS Secret Manager. You can grant secret access using native IAM policies without the need to get your head around another policy system introduced by Vault.
Unless you really need dynamic credential rotation, which is a super cool Vault feature, just stick your creds in AWS SM and get on with shipping features for your users.
Thank you so much for the reply @rsalmond. It all makes sense.