How to store credentials on AWS using Parameter Store

We can store our credentials or plain-text data in the Parameter Store. Parameters Store comes under System Managers in AWS. It allows us to separate our secrets and configuration data from the code. It can be tagged and organized into hierarchies which can us to manage parameters more easily. It is integrated with AWS Key Management Service (KMS), allowing us to automatically encrypt the data we store. Once we have our data in Parameter, we can centrally and securely reference this data in our scripts, commands, and SSM documents.

Parameter Store provides support to String, StringList, and SecureString.

The standard type of parameter does not come with additional costs whereas the Advanced type of Parameter comes with $0.05 per 10,000 Parameter Store API interactions. To know more about its pricing click here to visit the official AWS pricing page.

In this article, we will create a parameter and store configuration data in it of type SecureString. We will also modify the parameter and see how it maintains multiple versions.

Pre-requisites

  1. AWS Account(Create if you don’t have one).

What will we do?

  1. Login to AWS
  2. Create a Parameter to store configuration data.
  3. Edit the Parameter
  4. Delete the Parameter

Login to AWS

Click here to go to AWS Login Page.

Upon clicking the above link you will see the login page as follows where you can enter your  AWS account credentials.

Login Page

Once you successfully login into your account you will see the main dashboard of AWS as follows.

AWS dashboard

Create a Parameter to store configuration data.

To create a parameter click on "Services" in the top left of the screen and search for "Systems manager"

Search Systems Manager

Here you see the main dashboard of "Systems Manager". In the left panel click on "Parameter Store" under "Applications Management.

Systems Manager dashboard

Since I do not have any parameter created in my account in the selected region, I see no parameters on the main dashboard of the Parameter store.

To create a new parameter click on the "Create parameter" button.

Parameter Store dashboard

Here you can specify the name of the parameter. Proceed with the "Standard" tier parameter and select "SecureString" under the type of the parameter.

You also need to select a KMS key. You can either select it from your current account or another account.

Here we have specified KMS Key ID which belongs to the current account.

Create a Parameter Store - Name it

Under the value text field, specify the configuration data which needs to be stored in the parameter.

You can optionally add tags to the parameter and click on the "Create parameter" button to create the parameter.

Create a Parameter Store - Define its value

We have successfully created our first parameter and stored the configuration data in it. Click on the parameter we just created to see more information about it.

Parameter Store list

Here you can see the overview of the parameter we created. If you click on the "Show" button under the "Value" field the value of the configuration that we saved in the parameter will get displayed.

Parameter Store - Check its details

Edit the Parameter

Under the history tab, we can see the number of versions the parameter has in it. Since we have not edited and changed the configuration data in the parameter we created we see only one version.

To change the configuration data or modify the parameter click on the "Edit" button.

Parameter Store - Check its version history

Now again we can change the configuration or the parameter details which will create a new version under the same parameter.

Now, let's change the value of the parameter to some other value than we stored earlier.

Parameter Store - Modify it

Once we modify the parameter we can see two revisions under it.

Here, you can see that now we have two revisions in the Parameter.

The one we created for the first time and the other we saved after editing the Parameter.

If you want you can decrypt the revisions to see what all values they have.

Parameter Store - Check its latest version history

To decrypt the values select the "Decrypt all" check-box.

Parameter Store - Decrypt and see values in history

Delete the Parameter

If you no longer need the parameter to be stored, it is better to delete it.

To delete the parameter select the parameter to be deleted and click on the "Delete" button.

Parameter Store - Verify the latest value in it

Click on the "Delete" button to confirm your deletion and action.

Confirm deletion operation

Conclusion

In this article, we saw the steps to create a parameter store to Save configuration data in a secured form. We also saw how the Parameter Store keeps different revisions of the configuration data we saved in it. Lastly, we saw how simple it is to delete the Parameter we created.

Share this page:

0 Comment(s)