\
I love things to be organized and easily managed. Secret data in code is no exception. Previously I wrote a guide [how to use AWS Secrets manager](https://medium.com/geekculture/aws-secrets-manager-for-test-automation-project-2958331a8309). And now, I want you to look at one more solution - [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html).

\
It provides a secure and hierarchical storage and management system for secret data like passwords, secret parameters, licenses, etc. You can avoid routine with handy-managed secret files, which you should share with every team member and add to every Jenkins Job. Just add them to centralized storage and set up retrieving via AWS API.

\
The great benefit of Parameters Store is that you can save any piece of data instead of AWS Secrets Manager, where you can choose only a particular format. Let's configure some secrets and see how it works in practice.

\
Imagine that we want to store licence.xml for some library.

```markup
<LICENSEFILE>
    <FEATURE NAME="MyFeatureName"> 
        <SETTING MAJOR_VERSION="1"/>
        <SETTING MINOR_VERSION="0"/>
        <SETTING END="2018-01-01"/>
        <CLIENT_HOSTID>
            <SETTING IPADDRESS="123.123.123.123"/>
            <SETTING USERNAME="john"/>
        </CLIENT_HOSTID>
    </FEATURE>
</LICENSEFILE>
```

\
\
Find the Parameter Store and open the main page.

 ![](https://cdn.hackernoon.com/images/-5k930j0.png)

\
Follow the "Create parameter" button and go to the configuration page.

 ![](https://cdn.hackernoon.com/images/-60a30dl.png)

\
Type a secret name and choose type "SecureString."

 ![](https://cdn.hackernoon.com/images/-g8b30zh.png)

\
Put secret data to the value field and follow "Create parameter."

 ![](https://cdn.hackernoon.com/images/-63c30vk.png)

\
That's all, secret created!

 ![](https://cdn.hackernoon.com/images/-3ld303g.png)

\
To make it accessible for target users need to grant permissions with the policy that allows reading params:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ssm:GetParameter",
            "Resource": "*"
        }
    ]
}
```

\
\
And now, let's get it from code. Add SSM dependency to your project, create a rest client, perform a get request with decryption, and use the received secret.

```markup
<dependency>
   <groupId>com.amazonaws</groupId>
   <artifactId>aws-java-sdk-ssm</artifactId>
   <version>1.12.186</version>
</dependency>
```

\
```java
AWSSimpleSystemsManagement client = AWSSimpleSystemsManagementClient
       .builder()
       .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)))
       .build();


var getParameterRequest = new GetParameterRequest()
       .withName("licence.xml")
       .withWithDecryption(true);
String license = client.getParameter(getParameterRequest).getParameter().getValue();

LicenseReader.read(license);
```

\
This way, you can store and retrieve any data that can be deserialized from string to any object you might be interested in.

## Conclusion

Parameters Store is a secure and scalable secrets management service with no servers to manage. In the case of different types of secret data, it looks like a universal solution for all of them. That is a great way to manage stricted things in your project.

 \n  \n 

\
\


Amazon

Routine

Target

2022 - HackerNoon Contributor of the Year - Git

2022 - HackerNoon Contributor of the Year - Github

Nominated for 2022 - HackerNoon Contributor of the Year - Git

Nominated for 2022 - HackerNoon Contributor of the Year - Github

Too Long; Didn't Read

Get hands-on learning from ML experts on Coursera 

AWS Parameters Store for Test Automation Project

Too Long; Didn't Read

Companies Mentioned

@dbudim

RELATED STORIES