Securely Integrate Didit APIs with AWS Secrets Manager

Enhanced Security with AWS Secrets ManagerProtect sensitive Didit API keys by centralizing their storage and management within AWS Secrets Manager, significantly reducing the risk of exposure.

Automated Credential RotationImplement automated rotation policies for your API credentials using Secrets Manager, ensuring that your keys are regularly updated without manual intervention or service downtime.

Seamless Integration into CI/CD PipelinesIntegrate secure credential retrieval directly into your continuous integration and continuous deployment pipelines, allowing for secure deployment of applications utilizing Didit APIs.

Didit's Developer-First ApproachDidit's clean APIs and modular architecture are designed for easy and secure integration with services like AWS Secrets Manager, supporting robust identity verification workflows from ID Verification to AML Screening.

The Imperative of Secure API Credential Management

In today's digital landscape, securing API credentials is paramount, especially when dealing with sensitive identity verification data. Exposing API keys can lead to unauthorized access, data breaches, and severe compliance penalties. For businesses leveraging powerful identity verification platforms like Didit, protecting API keys is not just a best practice—it's a necessity. AWS Secrets Manager offers a robust solution for centralizing, managing, and securely rotating database credentials, API keys, and other secrets throughout their lifecycle. This integration ensures that your applications can access Didit's cutting-edge identity verification capabilities, such as ID Verification, Passive & Active Liveness, and AML Screening, without compromising security.

Traditional methods of hardcoding API keys or storing them in environment variables present significant security vulnerabilities. Developers might inadvertently commit these keys to version control systems or expose them in log files. AWS Secrets Manager mitigates these risks by providing a dedicated, secure service for secrets management. It allows you to store your Didit API keys encrypted and retrieve them programmatically, ensuring they are never directly exposed in your application code or configuration files. This approach aligns perfectly with Didit's developer-first philosophy, promoting secure and scalable integrations.

Setting Up AWS Secrets Manager for Didit API Keys

Integrating AWS Secrets Manager with your Didit API keys involves a few straightforward steps. First, you'll need an AWS account and a Didit API key. If you don't have a Didit API key yet, you can easily obtain one by registering for Didit's free tier. Once you have your API key, navigate to the AWS Secrets Manager console to create a new secret.

Step-by-Step Configuration:

1. Create a New Secret: In the AWS Secrets Manager console, choose "Store a new secret." Select "Other type of secret" and enter your Didit API key as a plain text or key-value pair. A common practice is to use a key-value pair like {"DIDIT_API_KEY": "YOUR_SECRET_DIDIT_KEY"}.
2. Configure Secret Name and Description: Give your secret a meaningful name, e.g., didit/api-key-production, and an optional description. This helps in identifying the secret later.
3. Disable Automatic Rotation (Initially): For API keys that don't have built-in rotation mechanisms via a service, you might initially disable automatic rotation. However, Secrets Manager does support custom rotation functions using AWS Lambda, which is highly recommended for long-term security.
4. Review and Store: Review your configuration and store the secret.

Once stored, your Didit API key is encrypted at rest and can only be accessed by authorized AWS IAM roles or users. This immediately elevates the security posture of your integration, making it much harder for unauthorized parties to gain access to your critical identity verification services.

Accessing Didit API Keys Programmatically with AWS SDK

The real power of AWS Secrets Manager comes from its programmatic access. Your applications, whether running on EC2 instances, AWS Lambda, or ECS containers, can retrieve secrets at runtime using the AWS SDKs. This ensures that the API key is never hardcoded and is only made available to the application when needed.

Example Code Snippet (Python):

import boto3
from botocore.exceptions import ClientError
import json

def get_didit_api_key(secret_name, region_name="us-east-1"):
    client = boto3.client("secretsmanager", region_name=region_name)
    try:
        get_secret_value_response = client.get_secret_value(SecretId=secret_name)
    except ClientError as e:
        raise e
    else:
        if "SecretString" in get_secret_value_response:
            secret = get_secret_value_response["SecretString"]
            return json.loads(secret)["DIDIT_API_KEY"]
        else:
            # For binary secrets, handle accordingly
            pass

# Usage example
# didit_api_key = get_didit_api_key("didit/api-key-production")
# print(f"Retrieved Didit API Key: {didit_api_key}")

This Python function demonstrates how to retrieve the DIDIT_API_KEY from Secrets Manager. The application would call this function at startup or when the key is needed, ensuring that the key is dynamically loaded and not statically present in the codebase. Combined with AWS IAM roles, you can grant specific permissions to your applications to only retrieve the necessary secrets, adhering to the principle of least privilege.

Automated Rotation and Compliance Benefits

While Didit's API keys are designed for long-term use, the ability to rotate credentials regularly is a cornerstone of robust security. AWS Secrets Manager offers automated rotation, which, for API keys, typically involves invoking a Lambda function. This function can be custom-built to interact with Didit's management API (if supported) to generate new keys, update Secrets Manager, and then deprecate old keys. This ensures that even if a key is compromised, its lifespan is limited, significantly reducing the attack surface.

Automated rotation is crucial for meeting various compliance standards, such as GDPR, CCPA, and industry-specific regulations. By integrating Didit with AWS Secrets Manager, organizations can demonstrate a strong commitment to data security and privacy. Didit's comprehensive suite of identity verification tools, including ID Verification (OCR, MRZ, barcodes), Passive & Active Liveness, 1:1 Face Match, and AML Screening & Monitoring, handles sensitive user data. Therefore, securing the access credentials to these services is not just good practice but a regulatory mandate in many jurisdictions.

How Didit Helps

Didit is the AI-native, developer-first identity platform, designed for seamless and secure integration into any application. Our modular architecture and clean APIs make it incredibly easy to integrate with advanced security services like AWS Secrets Manager. Didit offers a comprehensive suite of identity verification products, from ID Verification (supporting OCR, MRZ, and barcodes) and Passive & Active Liveness for fraud prevention, to 1:1 Face Match & Face Search for biometric security, and AML Screening & Monitoring for compliance. For specific needs like age verification, Didit's privacy-preserving Age Estimation product ensures compliance without compromising user data.

Didit's commitment to a developer-first experience means providing instant sandboxes and extensive public documentation, allowing your team to quickly and securely implement identity solutions. With Didit, you benefit from Free Core KYC, a pay-per-successful check model, and no setup fees, making advanced identity verification accessible and cost-effective. By combining Didit's powerful identity verification capabilities with the robust credential management of AWS Secrets Manager, you can build highly secure, compliant, and scalable applications that automate trust and orchestrate risk with confidence.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.