Recently we’ve already shared with you a material that covers all about AWS. But there is always something you can still learn. This time that’s about using AWS Secret Managers in Rails.
AWS has recently rolled out Secrets Manager in April 2018. It comes with a web console for you to easily CRUD the secrets, and it works with IAM to control who and what can access them. If you run one or more Rails apps in EC2, you can use IAM roles for EC2 to implement access control for each of the secrets.
It costs $0.40/month to store a secret. Each secret stores up to 4096 Unicode characters. Technically, you can just pay only $0.40/month to store all your existing key-value secret pairs, provided you can fit them all in the chars limit. You can also pay a little more to store them in multiple JSON secrets to have them better organized.
We will need to load the secrets before the other gems are even loaded, including Rails. That is because ActiveRecord will discover your credentials from
config/database.yml and ENV as soon as it’s loaded. The best place for you to fetch secrets from AWS is inside config/application.rb, just right before Bundler is ordered to load the gems.
If you want to find more details, please check here.
We also recommend you to read about pros and cons of AWS vs Google Cloud Platform.