Home > Backend Development > Golang > Correct strategy for getting secrets on local go application

Correct strategy for getting secrets on local go application

WBOY
Release: 2024-02-08 22:42:08
forward
1148 people have browsed it

在本地 go 应用程序上获取机密的正确策略

php editor Banana brings you an article about the correct strategy for obtaining secrets for local Go applications. In modern application development, protecting the security of sensitive information is crucial. This article will share some effective strategies to help developers correctly obtain and use confidential information in native Go applications to ensure data confidentiality and integrity. Whether it's database passwords, API keys, or other sensitive information, proper handling and storage is key to keeping your application secure. Let’s dive into how to handle confidential information securely!

Question content

Playing a small project on aws:

  • golang application
  • rds/mysql database
  • Secret Manager
  • api gateway and lambda

I'm running the go application locally to verify interaction with the database, but I can't get it to work with the secret manager.

Use this sample code:

func getcreds() {
    config, err := config.loaddefaultconfig(context.todo(), config.withregion(region))
    if err != nil {
        log.fatal(err)
    }

    svc := secretsmanager.newfromconfig(config)
    input := &secretsmanager.getsecretvalueinput{
        secretid:     aws.string(secretname),
        versionstage: aws.string("awscurrent"),
    }

    result, err := svc.getsecretvalue(context.todo(), input)
    if err != nil {
        log.fatal(err.error())
    }

    var secretstring string = *result.secretstring
    log.printf("pwd: %s", secretstring)
}
Copy after login

I understand

operation error secrets manager: getsecretvalue, exceeded maximum number of attempts, 3, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no ec2 imds role found, operation error ec2imds
Copy after login

If I understand correctly, I need to add permissions to the user/policy. But where to add this? In the iam console? Or the secret manager console?

What should it be?

{
    "Version":"2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Principal": {"AWS": "<what to add here>"},
            "Resource": "<and here>"
        }
    ]
}
Copy after login

Workaround

go The application cannot find the credentials to use the aws api.

According to (Configuration Credentials) you can use this code to automatically use ~/.aws/config as your local credentials

sess := session.must(session.newsessionwithoptions(session.options{
    sharedconfigstate: session.sharedconfigenable,
}))
Copy after login

If you provide custom configuration, you must provide credentials. There are other methods, choose the one that works for you. aws proposed the above method.

This includes running with your user. For aws execution, you need to grant the lambda function access to the key:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
            ],
            "Resource": [
                "arn:aws:secretsmanager:us-west-2:111122223333:secret:aes128-1a2b3c"
            ]
        }
}
Copy after login

The above policy must be applied to the iam role used to execute the lambda. You can find roles aws console -> lambda -> your lambda -> configuration -> permissions -> execution role

The above is the detailed content of Correct strategy for getting secrets on local go application. For more information, please follow other related articles on the PHP Chinese website!

source:stackoverflow.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template