I'm maintaining an API Gateway which proves its identity one of its upstream API (HTTP) proxy integrations using an API key in a GET parameter. (Certain limitations prevent a more robust client SSL certificate at this time.)
Currently this API key is supplied as a static value in the URL Query String Parameters section of the HTTP Proxy integration.
It's time to rotate keys and we need a more centralized / integrated solution to this problem --- for the client and the back-end.
What's the most direct, straight-forward way of injecting secrets from AWS Secrets Manager into an API Gateway integration?
I can imagine loading the relevant secret onto the request context from the respective authorizer lambda, but this seems wrong: a mingling of separate concerns.
Thanks in advance for any tips!
