This repository was archived by the owner on Aug 30, 2024. It is now read-only.

added AWS KMS encryption for files stored on s3 #14

Open
wants to merge 1 commit into
base: master

dyindude commented May 8, 2017

Since certs/private keys are being stored on S3, I thought it might be a good idea to add AWS KMS to the mix. This commit allows the function to store/retrieve the cert/account files and encrypt at rest using the specified KMS key.

larryboymi (Contributor) commented May 9, 2017

I definitely agree that encrypting the certificate key is a good idea. I'll have to test this when I have a minute, because not only do I want the generation to be simple, I also want the retrieval (by other lambdas in the same family most likely) to be simple as well, while remaining protected, which encryption helps with.

So far I was utilizing bucket access policies to remain secure as far as access, but further encryption would most likely be better. Not everyone wants to pay an extra $1/mo. for that though, even if they should.

Thanks for the idea!

dyindude (Author) commented May 9, 2017

I admittedly haven't worked a lot in node, so it may be better if it was an optional setting (since like you said, it may not be necessary for everyone's use case). I wasn't quite sure how to implement that without drastically changing some of the code (and probably doing so improperly, lol)
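
One way to make the KMS encryption discussed in this thread an optional setting, as an added example that is not code from this pull request or repository. It assumes S3 server-side encryption with KMS (SSE-KMS) through the standard PutObject parameters `ServerSideEncryption` and `SSEKMSKeyId`; the function names, bucket, object key and key alias are hypothetical.

```javascript
// Added example; not code from this pull request. All names are hypothetical.

// Returns the extra S3 PutObject parameters for SSE-KMS, or {} when no key is
// configured, so encryption is opt-in through a single setting.
function encryptionParams(kmsKeyId) {
  if (kmsKeyId === undefined || kmsKeyId === null || kmsKeyId === '') {
    return {}; // feature disabled: behave exactly as before
  }
  // A set-but-malformed value must fail loudly, not silently skip encryption.
  if (typeof kmsKeyId !== 'string' || /\s/.test(kmsKeyId)) {
    throw new Error('KMS key identifier must be a string without whitespace');
  }
  return { ServerSideEncryption: 'aws:kms', SSEKMSKeyId: kmsKeyId };
}

function putParams(bucket, key, body, kmsKeyId) {
  return Object.assign({ Bucket: bucket, Key: key, Body: body },
                       encryptionParams(kmsKeyId));
}

// Reads need no encryption parameters: S3 decrypts SSE-KMS objects itself,
// provided the caller's role is allowed kms:Decrypt on the key.
function getParams(bucket, key) {
  return { Bucket: bucket, Key: key };
}

// Check on a GetObject/HeadObject response: when a key is configured, refuse
// objects stored without KMS encryption (e.g. written before opt-in).
function isAcceptable(response, kmsKeyId) {
  if (Object.keys(encryptionParams(kmsKeyId)).length === 0) return true;
  return response.ServerSideEncryption === 'aws:kms';
}

// Constructed sample values.
const withKms = putParams('example-cert-bucket', 'certs/example.com.json',
                          '{"key":"..."}', 'alias/example-cert-key');
const withoutKms = putParams('example-cert-bucket', 'certs/example.com.json',
                             '{"key":"..."}', undefined);
console.log(withKms, withoutKms);
```

The resulting objects are what would be passed to the SDK's `putObject` and `getObject` calls; other Lambdas that read the files only need `kms:Decrypt` on the key added to their role.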
