From 638a0dab5743e31354a1331f2295fb63417a870c Mon Sep 17 00:00:00 2001
From: thomasabishop <tactonbishop@gmail.com>
Date: Thu, 31 Aug 2023 16:48:12 +0100
Subject: [PATCH] aws: secrets vs env vars

---
 DevOps/AWS/AWS_Lambda/Secrets_or_env_vars.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 DevOps/AWS/AWS_Lambda/Secrets_or_env_vars.md

diff --git a/DevOps/AWS/AWS_Lambda/Secrets_or_env_vars.md b/DevOps/AWS/AWS_Lambda/Secrets_or_env_vars.md
new file mode 100644
index 0000000..13a1d1f
--- /dev/null
+++ b/DevOps/AWS/AWS_Lambda/Secrets_or_env_vars.md
@@ -0,0 +1,12 @@
+---
+categories:
+  - DevOps
+  - Backend
+tags: [AWS, aws-lambda]
+---
+
+# Secrets or environment variables?
+
+Choosing between environment variables and AWS Secrets Manager hinges on factors such as use case, security needs, and the data type. Environment variables are easier to use, free, and offer fast access but are less secure and lack features like versioning. On the other hand, AWS Secrets Manager provides robust security through encryption, access control, audit trails, and supports secret versioning and rotation. However, it comes with additional costs and can introduce latency and rate limits.
+
+General recommendations suggest using AWS Secrets Manager for storing sensitive data like API keys and passwords, due to its enhanced security features. For less sensitive, non-critical data such as feature flags or environment-specific URLs, environment variables are often adequate. Cost-conscious users who don't need advanced features may find environment variables more economical. Ultimately, the best choice depends on your specific requirements and limitations.