I have some code such as this which will run inside of Lambda:

var Parse = require('parse').Parse;

Parse.initialize("Your App Id", "Your JavaScript Key");

var query = new Parse.Query(Parse.User);
query.find({
  success: function(users) {
    for (var i = 0; i < users.length; ++i) {
      console.log(users[i].get('username'));
    }
  }
});

The code needs an API key to work. Is it safe to just put the key directly into the code, or should I store it somewhere else, and if so, where? I am concerned that if it needs to be stored externally, this will cause overhead, as I would need to make a network call every time to retrieve it.

helloV
user2924127

1 Answer

I wouldn't put it in the code. One cheap and elegant solution is to use the Key Management Services offered by AWS. It takes just a few lines of code to retrieve your key from AWS KMS. It costs $0.03 for every 10000 requests and each key storage costs $1/month.

AWS Key Management Service

It is integrated with AWS Lambda too.

Edit: See this SO link on how to use it: AWS Lambda: How to store secret to external API?

Community
helloV
  • Thanks! So my function will still have to make a network call to KMS every time the function is called, correct, or is it cached? – user2924127 Dec 30 '15 at 22:08
  • I do not think it is cached. You can check the link I posted. – helloV Dec 30 '15 at 22:19
  • Regarding caching, check this thread: https://forums.aws.amazon.com/thread.jspa?messageID=686261, specifically this response from Amazon: "Global" code (outside your handler) is initialized once per container (and then not called again). That's a great place to do any dynamic initialization, such as setting up global variables that you want to use throughout the lifetime of the container (i.e., across multiple requests). You can retrieve values from Amazon S3, Amazon DynamoDB, or other sources. – Mark B Dec 31 '15 at 00:32
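
The answer's KMS suggestion combined with the once-per-container initialization quoted in the last comment, as an added example that is not part of the original thread. The names `createSecretCache`, `kmsDecrypt`, `makeHandler` and the environment variable `PARSE_JS_KEY_ENC` (holding base64 KMS ciphertext) are assumptions; the KMS call uses the AWS SDK for JavaScript v3.

```javascript
// Added example, not code from the thread. createSecretCache, kmsDecrypt and
// PARSE_JS_KEY_ENC (an env var holding base64 KMS ciphertext) are assumed names.

// Wrap a decrypt function so it runs at most once per container while it succeeds.
function createSecretCache(decrypt) {
  let pending = null; // closure state survives across warm invocations
  return function getSecret() {
    if (!pending) {
      pending = new Promise((resolve) => resolve(decrypt())).catch((err) => {
        pending = null; // never cache a failure: the next invocation retries
        throw err;
      });
    }
    return pending; // concurrent callers share the same in-flight request
  };
}

// Real decryptor (AWS SDK for JavaScript v3). Required lazily, so the caching
// logic above can be exercised offline with a stub.
function kmsDecrypt(ciphertextB64) {
  const { KMSClient, DecryptCommand } = require('@aws-sdk/client-kms');
  const blob = Buffer.from(ciphertextB64, 'base64');
  return new KMSClient({})
    .send(new DecryptCommand({ CiphertextBlob: blob }))
    .then((out) => Buffer.from(out.Plaintext).toString('utf8'));
}

// Module scope: initialised once per container, outside the handler.
const getParseKey = createSecretCache(() => kmsDecrypt(process.env.PARSE_JS_KEY_ENC));

// Handler factory; `work` is where Parse.initialize(appId, key) and the query go.
function makeHandler(getSecret, work) {
  return async function handler(event) {
    const key = await getSecret(); // KMS round trip on cold start only
    return work(key, event);
  };
}

// Offline demonstration with a constructed stub instead of KMS.
async function demo() {
  let calls = 0;
  const stub = () => { calls += 1; if (calls === 1) throw new Error('throttled'); return 'constructed-key'; };
  const handler = makeHandler(createSecretCache(stub), (key) => key.length);
  const first = await handler({}).catch((e) => e.message); // failure is not cached
  const results = [await handler({}), await handler({}), await handler({})];
  return { first, results, calls };
}
```

In a deployed function the export would be `makeHandler(getParseKey, ...)`, and the function's execution role needs `kms:Decrypt` on the key that produced the ciphertext.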