Which solution will meet these requirements MOST securely?

By:
In: DVA-C02
Tagged:
With: 1 Comment
A company wants to share information with a third party.The third party has an HTTP API endpoint that the company can use to share the information.The company has the required API key to access the HTTP API.The company needs a way to manage the API key by using code.The integration of the API key with the application code cannot affect application performance.

Which solution will meet these requirements MOST securely?

Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Explanations:

Storing the API credentials in AWS Secrets Manager provides a secure and managed way to handle sensitive information. Secrets Manager automatically encrypts the credentials and allows secure retrieval at runtime through the AWS SDK, ensuring that the application performance is not adversely affected while keeping the credentials secure.

Storing API credentials in a local code variable is highly insecure because it exposes sensitive information in the source code. Even if the code is pushed to a secure Git repository, the credentials can be leaked or accessed by unauthorized users, which significantly compromises security.

While storing the API credentials as an object in a private Amazon S3 bucket allows for some level of access control through IAM policies, it is less secure than using AWS Secrets Manager. S3 buckets require careful management of access permissions, and retrieving credentials from S3 can add latency, potentially impacting application performance.

Storing API credentials in an Amazon DynamoDB table can provide a way to restrict access through resource-based policies. However, it is less secure than AWS Secrets Manager, which is specifically designed for managing secrets. Additionally, managing credentials in a database may introduce unnecessary complexity and performance overhead when retrieving them at runtime.

2025-10-16

1 Comment

  1. Diane
    Author

    In my opinion, the answer is:
    Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Leave a Reply

Your email address will not be published. Required fields are marked *

one × three =