0 votes
1 view
in AWS by (19.2k points)

I'm building a monitoring tool based on AWS Lambda. Given a set of metrics, the Lambdas should be able to send SMS using Twilio API. To be able to use the API, Twilio provide an account SID and an auth token.

How and where should I store these secrets?

I'm currently thinking to use AWS KMS but there might be other better solutions.

1 Answer

0 votes
by (44.6k points)

You can do it like this using AWS KMS. Follow the steps below:

1. Using this documentation create your KMS key: Create Keys

2. Using AWS CLI, you can encrypt your secret and put it into a file:

aws kms encrypt --key-id some_key_id --plaintext "This is the scret you want to encrypt" --query CiphertextBlob --output text | base64 -D > ./encrypted-secret

3. Then upload this file as a part of your Lambda function. You can decrypt the secret and use it.

var fs = require('fs');

var AWS = require('aws-sdk');

var kms = new AWS.KMS({region:'eu-west-1'});

var secretPath = './encrypted-secret';

var encryptedSecret = fs.readFileSync(secretPath);

var params = {

  CiphertextBlob: encryptedSecret


kms.decrypt(params, function(err, data) {

  if (err) console.log(err, err.stack);

  else {

    var decryptedSecret = data['Plaintext'].toString();




Welcome to Intellipaat Community. Get your technical queries answered by top developers !