How To Store Your AWS Lambda Secrets
Do it right, so you don’t have to redo it when your application load increases
Most Lambda deployments use environment variables to pass configuration to the deployed function. It’s what AWS recommends in its documentation, and it’s an attractive choice because it’s easy, the values are encrypted at rest, and it leaves you flexibility in how you get the values there in the first place.
There are already many articles with good recommendations about Lambda configuration. Why should you read this one?
Instead of comparing and contrasting approaches, this is a how-to guide for anyone whose primary values are minimising cost without compromising scalability or security. If you have additional or different needs, I recommend reading the links above as well.
This guide is aimed at small to medium teams working in contexts where security matters, but fine-grained permission management might not.
Just tell me the answer
If you’re here from Google and just want a recommendation, feel free to skip to the end for the summary. If you want the detailed rationale behind the recommendation, read on.