Secure storage of Mobb broker in AWS Secrets Manager

Last updated 3 months ago

This guide outlines the process of securely storing and managing the Mobb Broker Token within an ECS (Elastic Container Service) environment using AWS Secrets Manager. It details the steps involved in automating token rotations, securely storing the token using AWS Secrets Manager, and configuring ECS to automatically retrieve the token value from AWS Secrets Manager.

Pre-requisites

This guide applies only if you are hosting the Mobb Broker on AWS ECS. For a regular Docker container deployment, refer to the main broker deployment guide.

Workflow of managing broker token with AWS Secrets Manager

Step 1 - During token rotations, your Mobb organization’s administrator generates a new Mobb Broker Token in the Mobb application via the UI (coming soon) or the GraphQL API.

Step 1.1 (Optional) - If required, the new token can be configured to be automatically shared across Mobb and your AWS Secrets Manager instances.

Step 2 - The token value obtained is stored in your AWS Secrets Manager.

Step 3 - The Mobb Broker hosted on ECS is configured to retrieve the new token value from AWS Secrets Manager through the ECS Environment Variable automatic value retrieval feature. To do this, set the ECS Environment Variable parameter type to “ValueFrom” and the value to the Amazon Resource Name (ARN) of the AWS Secrets Manager secret. For more information, see the AWS documentation: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html

[Screenshot: the “valueFrom” parameter type in the AWS documentation]

[Screenshot: example of the “ValueFrom” parameter type selection in the ECS environment variable configuration screen]
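The following check is an added example, not code from Mobb or AWS: it audits an ECS task definition to confirm that the broker token is injected through a `secrets` entry whose `valueFrom` is a Secrets Manager ARN (Step 3) rather than stored as a plaintext `environment` value. The variable name `BROKER_TOKEN`, the container and image names, the account ID and the secret name are constructed placeholders.

```python
import re

# Secrets Manager ARN, optionally followed by ECS's :json-key:version-stage:version-id suffix.
SM_ARN = re.compile(
    r"^arn:aws[\w-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:[\w/+=.@-]+(:[^:]*){0,3}$"
)
# Names that suggest a credential; the page does not give the broker's variable name.
SENSITIVE = re.compile(r"token|secret|password|api_?key", re.IGNORECASE)


def audit_task_definition(task_def):
    """Return a list of (container, variable, problem) findings."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        cname = c.get("name", "<unnamed>")
        # Plaintext "environment" values are readable by anyone who can view the
        # task definition, so credentials must not be stored there.
        for env in c.get("environment", []):
            if SENSITIVE.search(env.get("name", "")):
                findings.append((cname, env["name"], "plaintext value in 'environment'"))
        # "secrets" entries are resolved by ECS at container start via valueFrom.
        for s in c.get("secrets", []):
            if not SM_ARN.match(s.get("valueFrom", "")):
                findings.append((cname, s.get("name", "?"), "valueFrom is not a Secrets Manager ARN"))
    return findings


# Constructed sample task definitions; every name and value below is a placeholder,
# not a value from the Mobb documentation.
WEAK = {"containerDefinitions": [{
    "name": "mobb-broker", "image": "example/broker:latest",
    "environment": [{"name": "BROKER_TOKEN", "value": "constructed-plaintext-token"}],
}]}
HARDENED = {"containerDefinitions": [{
    "name": "mobb-broker", "image": "example/broker:latest",
    "environment": [{"name": "LOG_LEVEL", "value": "info"}],
    "secrets": [{
        "name": "BROKER_TOKEN",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:mobb/broker-token-AbCdEf",
    }],
}]}

if __name__ == "__main__":
    for label, td in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_task_definition(td) or "OK")
```

ECS resolves `valueFrom` only when a container starts, so after a rotated token is stored the broker task must be restarted or redeployed to pick it up; the task execution role also needs `secretsmanager:GetSecretValue` on the secret.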

Additional Notes

The entire process can be fully automated via a cron job configured on your side. Mobb's engineering team can provide a sample script that can be loaded in your AWS environment (AWS Lambda, EC2, or ECS Scheduled Tasks), triggered on a periodic basis to ensure the token is automatically rotated prior to the defined expiry date (default is 3 months from the date the token was generated).

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html
broker deployment guide