AWS DynamoDB
Secrets are stored in an AWS DynamoDB table. To protect them, you can rely on encryption at rest or add an encrypter that encrypts and decrypts the secret before it is accessed.
Installation
- npm: npm install @farbor/secret-storage-aws-dynamo @aws-sdk/client-dynamodb luxon
- Yarn: yarn add @farbor/secret-storage-aws-dynamo @aws-sdk/client-dynamodb luxon
- pnpm: pnpm add @farbor/secret-storage-aws-dynamo @aws-sdk/client-dynamodb luxon
Usage
import {SecretKeyStorageAwsDynamo} from "@farbor/secret-key-storage-aws-dynamo";
import {DynamoDBClient} from '@aws-sdk/client-dynamodb';
import {Duration} from 'luxon';

const storage = new SecretKeyStorageAwsDynamo(
    new DynamoDBClient({}),
    {
        tableName: 'your-table-name',
        // encrypter: yourEncrypter, // set it to use custom encryption
        cacheTtl: Duration.fromObject({hours: 5}) // cache the secret for 5 hours once retrieved
    }
);
Table creation
Create a DynamoDB table with the following key schema:
- keyId: string
On-demand capacity mode is the easiest to use, but feel free to change it to provisioned if you know your traffic.
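The table definition described above, with a check that an existing table matches it, as an added example that is not part of the library or its documentation. The helper names buildCreateTableInput and auditSecretTable, the optional KMS key parameter and the sample responses are assumptions made for illustration; the returned object has the input shape of CreateTableCommand from @aws-sdk/client-dynamodb.

```javascript
// Added example; buildCreateTableInput and auditSecretTable are hypothetical helper names.
// Builds the input for CreateTableCommand (@aws-sdk/client-dynamodb) with the key schema above.
function buildCreateTableInput(tableName, kmsKeyId) {
  const input = {
    TableName: tableName,
    AttributeDefinitions: [{ AttributeName: 'keyId', AttributeType: 'S' }],
    KeySchema: [{ AttributeName: 'keyId', KeyType: 'HASH' }],
    BillingMode: 'PAY_PER_REQUEST', // on-demand capacity mode
  };
  if (kmsKeyId) {
    // Assumption: optionally encrypt at rest under a KMS key you name, not the default key.
    input.SSESpecification = { Enabled: true, SSEType: 'KMS', KMSMasterKeyId: kmsKeyId };
  }
  return input;
}

// Audits a DescribeTable response; returns a list of findings (empty means the table fits).
function auditSecretTable(describeTableOutput, { requireKms = false } = {}) {
  const table = describeTableOutput.Table || {};
  const findings = [];
  const keys = table.KeySchema || [];
  if (keys.length !== 1 || keys[0].AttributeName !== 'keyId' || keys[0].KeyType !== 'HASH') {
    findings.push('key schema must be a single partition key named keyId');
  }
  const def = (table.AttributeDefinitions || []).find((a) => a.AttributeName === 'keyId');
  if (!def || def.AttributeType !== 'S') findings.push('keyId must be a string (S) attribute');
  // A response without SSEDescription means the default AWS owned key is in use.
  const sse = table.SSEDescription;
  if (requireKms && !(sse && sse.SSEType === 'KMS' && sse.Status === 'ENABLED')) {
    findings.push('table is not encrypted at rest under a KMS key');
  }
  return findings;
}

// Constructed sample DescribeTable responses (not real tables).
const goodTable = { Table: {
  KeySchema: [{ AttributeName: 'keyId', KeyType: 'HASH' }],
  AttributeDefinitions: [{ AttributeName: 'keyId', AttributeType: 'S' }],
  SSEDescription: { Status: 'ENABLED', SSEType: 'KMS' },
} };
const badTable = { Table: {
  KeySchema: [{ AttributeName: 'id', KeyType: 'HASH' }],
  AttributeDefinitions: [{ AttributeName: 'id', AttributeType: 'N' }],
} };
console.log(auditSecretTable(goodTable, { requireKms: true })); // []
console.log(auditSecretTable(badTable, { requireKms: true }).length); // 3
```

Pass the result of buildCreateTableInput to `new CreateTableCommand(...)` and send it with the same DynamoDBClient used for the storage; feed auditSecretTable the response of a DescribeTableCommand.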
Consistency
Secrets are retrieved using consistent reads to ensure that the most recent version of the secret is returned.
FAQ
Why AWS DynamoDB instead of AWS Secrets Manager?
AWS DynamoDB is simply more cost effective.
Estimate for 100 secrets (in other words, 100 users) and roughly 1000 reads a day:
- AWS DynamoDB: 0.3$ per month
- AWS Secrets Manager: 8$ per month
The decision is up to you.