I would like to use the dynamic config feature with aws-ssm. My question is how do a secure the aws credentials being used? For testing I used waypoint config source-set -type=aws-ssm -config="secret_key=ABC123"
. How secure is this? I was able to run config source-get and see the secret key. I was also able to do so on the waypoint server itself.
I tried using the -config=“profile=myprofile” but that did not work. I’m assuming its because I ran that command from my workstation and the waypoint server nor docker container have an aws profile setup.
So I guess the question is how do I best manage the aws secrets needed to use the aws-ssm plugin? If it could somehow be gathered on the workstation where waypoint is being run that would be best.