How do I ensure that my app uses secrets securely (on AWS)?

  1. Create IAM roles for each application.
  2. Grant those roles the ability to retrieve secrets.
  3. Update your application code to use GetSecretValue API calls.
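
The three steps above as an added Python example (not code from the original page): `read_policy` builds the policy that step 2 attaches to one application's role, and `SecretReader` is the step 3 runtime fetch through GetSecretValue with a short cache so rotated values are picked up. The function and class names, the TTL, scoping the policy to a single secret ARN, and the `FakeSecretsManager` stand-in with its sample values are assumptions for illustration.

```python
import json
import time


def read_policy(secret_arn):
    """Step 2: policy for one application's role (assumed scope: one secret, read only)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": secret_arn,
        }],
    }


class SecretReader:
    """Step 3: fetch at runtime via GetSecretValue; nothing is written to disk or config."""

    def __init__(self, client=None, ttl_seconds=300):
        if client is None:
            import boto3  # credentials come from the IAM role attached to the workload
            client = boto3.client("secretsmanager")
        self._client, self._ttl, self._cache = client, ttl_seconds, {}

    def get(self, secret_id):
        hit = self._cache.get(secret_id)
        if hit and time.monotonic() - hit[0] < self._ttl:
            return hit[1]  # still fresh, skip the API call
        resp = self._client.get_secret_value(SecretId=secret_id)
        # Text secrets arrive in SecretString, binary ones in SecretBinary.
        value = resp["SecretString"] if "SecretString" in resp else resp["SecretBinary"]
        self._cache[secret_id] = (time.monotonic(), value)
        return value


class FakeSecretsManager:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, secrets):
        self.secrets, self.calls = secrets, 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"Name": SecretId, "SecretString": self.secrets[SecretId]}


if __name__ == "__main__":
    # Constructed ARN and secret value, for illustration only.
    arn = "arn:aws:secretsmanager:us-east-1:111122223333:secret:orders-app/db-AbCdEf"
    print(json.dumps(read_policy(arn), indent=2))
    reader = SecretReader(client=FakeSecretsManager({"orders-app/db": "constructed-value"}))
    print(len(reader.get("orders-app/db")), "characters fetched")
```

On AWS, construct `SecretReader()` with no arguments so the client picks up the role's credentials; the TTL bounds how long a rotated secret's old value stays in memory.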

Additional Tips

  1. This can, of course, be mapped to any cloud provider.
  2. Also, use git-secrets (agent) to ensure that secrets aren’t accidentally committed to your git repo.