Local secrets are defined in the workspace/secrets folder and production secrets are managed by AWS Secrets Manager. The workspace/secrets directory is excluded from version control (see .gitignore) and its contents should be handled with the same security as passwords.
Apps running locally can read secrets using a yaml file, for example:

    dev_fastapi = FastApiServer(
        ...
        # Read secrets from secrets/dev_app_secrets.yml
        secrets_file=ws_settings.ws_root.joinpath("workspace/secrets/dev_app_secrets.yml"),
    )

SecretsManager resources to hold production secrets which are then used by the Apps.

    prd_api_secret = SecretsManager(
        ...
        # Create secret from workspace/secrets/prd_api_secrets.yml
        secret_files=[ws_settings.ws_root.joinpath("workspace/secrets/prd_api_secrets.yml")],
    )

Use these in Apps like:

    prd_fastapi = FastApiServer(
        ...
        aws_secrets=[prd_api_secret],
        ...
        # Uncomment to read secrets from secrets/prd_api_secrets.yml
        # secrets_file=ws_settings.ws_root.joinpath("workspace/secrets/prd_api_secrets.yml"),
    )

Production applications can also read secrets from the local files but we recommend using the AWS Secrets Manager.
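
The statement above that workspace/secrets is excluded from version control and should be treated like passwords can be checked before committing. The following is an added example, not part of the project's own code: `is_gitignored` and `audit_secrets` are hypothetical helper names, and the .gitignore matching is deliberately simplified.

```python
import stat
import sys
from pathlib import Path

SECRETS_DIR = "workspace/secrets"  # directory named on this page


def is_gitignored(ws_root: Path, rel_dir: str = SECRETS_DIR) -> bool:
    """Simplified check that a .gitignore pattern covers rel_dir.

    Assumption: plain patterns only (no globs, negation lines are skipped).
    `git check-ignore -v <path>` remains the authoritative answer.
    """
    gitignore = ws_root / ".gitignore"
    if not gitignore.is_file():
        return False
    parts = rel_dir.strip("/").split("/")
    # Anchored patterns must equal a path prefix; bare names match any level.
    prefixes = {"/".join(parts[: i + 1]) for i in range(len(parts))}
    for line in gitignore.read_text().splitlines():
        pat = line.strip()
        if not pat or pat.startswith(("#", "!")):
            continue
        pat = pat.removesuffix("/**").removesuffix("/*")
        anchored = "/" in pat.rstrip("/")
        if pat.strip("/") in (prefixes if anchored else set(parts)):
            return True
    return False


def audit_secrets(ws_root: Path, rel_dir: str = SECRETS_DIR) -> list[str]:
    """Return findings: directory not ignored, or files open to group/others."""
    findings = []
    if not is_gitignored(ws_root, rel_dir):
        findings.append(f"{rel_dir} is not covered by .gitignore")
    secrets_dir = ws_root / rel_dir
    files = sorted(secrets_dir.rglob("*")) if secrets_dir.is_dir() else []
    for path in files:
        # POSIX mode bits: anything beyond owner access is a finding.
        if path.is_file() and stat.S_IMODE(path.stat().st_mode) & 0o077:
            findings.append(f"{path.relative_to(ws_root)} is accessible to group/others")
    return findings


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for finding in audit_secrets(root):
        print(finding)
```

Run it from the workspace root; an empty result means the directory is ignored and every secrets file is owner-only.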