Summary
Secrets management is a challenge for the ephemeral nature of Docker applications, where the notion of preconfigured long-running servers with credentials stored in a configuration file is no longer an option, and injecting passwords directly as externally configured environment variables is considered a bad security practice. This requires a secrets management solution where your applications can dynamically fetch secrets from a secure credential store, and in this chapter you successfully implemented such a solution using the AWS Secrets Manager and KMS services.
You learned how to create a KMS key, which encrypts and decrypts confidential information, and is used by AWS Secrets Manager to ensure the privacy and confidentiality of secrets it stores. You next were introduced to the AWS Secrets Manager and learned how to create secrets using both the AWS console and AWS CLI. You learned how you can store multiple key/value pairs in your secrets, and were introduced to features such...