Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

🎁 Get 20% Off - Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Using the Secure String Parameter in Systems Manager Parameter Store

Home » AWS Cheat Sheets » AWS Security & Identity Services » Security Related Notes » Using the Secure String Parameter in Systems Manager Parameter Store

Using the Secure String Parameter in Systems Manager Parameter Store

Last updated on July 10, 2024

What is AWS Systems Manager Parameter Store

AWS Systems Manager Parameter Store helps you securely store and share key-value pairs across your AWS environment. It is one of the packages under AWS Systems Manager that helps you design a more robust and abstract infrastructure. With Parameter Store, you don’t have to hard code parameters nor save them in config files for application use. You can easily reference them in your applications and AWS resources using the unique parameter store key of those items. 

Parameter Store supports a lot of use cases, from saving unencrypted plaintext to more sensitive information such as database passwords. You can also store configuration data and secure strings in hierarchies and track versions. During parameter creation, you specify the data type of your string:

  • String – Any string value.
  • StringList – Separate strings using commas.
  • SecureString – Encrypt sensitive data using the KMS keys for your account
Tutorials dojo strip

For parameters that should not be retrieved or referenced in plaintext, it is best to use the SecureString data type.

How to Secure Parameters in Parameter Store

Sensitive information, such as passwords and secrets, should never be left exposed as is. Parameter Store solves this problem by offering the SecureString data type, which uses AWS KMS to protect your information. AWS KMS uses either customer managed keys or an AWS KMS key when encrypting the parameter value. Then in the application that references the parameter, you must set WithDecryption to True to use the original parameter value.

To create a secure parameter in the console, 

  1. Go to AWS Systems Manager and select Parameter Store

Systems Manager Parameter Store

      2. On the create parameter page, give your parameter a name and an optional description

      3. Choose SecureString data type and select the AWS KMS key that you want to use

Systems Manager Parameter Store

      4. Lastly, enter the value of your parameter, add some tags, and click Create parameter

Systems Manager Parameter Store

If you check the details of your parameter, you can see that the value is replaced by asterisks, to keep your information from being exposed to the public.

How to reference your SecureString parameter

To retrieve your parameters, use the AWS SSM GetParameters API call in your script or code.

Request Syntax

Systems Manager Parameter Store

  • In the Names section, include all the parameters that you want to retrieve. 
  • If those parameters are encrypted through SecureString, be sure to set WithDecryption to True if you need the unencrypted value of the parameter.
    • If you cannot decrypt the parameters, check if your account has the necessary permissions to decrypt information using that AWS KMS key.

Final thoughts

AWS Systems Manager Parameter Store really comes in handy when you want to build robust and abstract systems in AWS. Information does not need to be stored within the application anymore, and it can also be shared among different applications in a simple and secure way. SecureString is very helpful in protecting sensitive information and making sure that only the right people have access to it.

Note: If you are studying for the AWS Certified Security Specialty exam, we highly recommend that you take our AWS Certified Security – Specialty Practice Exams and read our Security Specialty exam study guide.

AWS Certified Security - Specialty Exam Study Path

Sources:

https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-securestring.html

Get 20% Off – Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Tutorials Dojo portal

Learn AWS with our PlayCloud Hands-On Labs

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

FREE AWS, Azure, GCP Practice Test Samplers

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

Follow Us On Linkedin

Recent Posts

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?