skip to Main Content

I am beginner to aws.
aws keys stored in pc in folder "C:UsersUSERNAME.awscredentials" is simple text file.
Q1) Why it is stored in easy readable format?
Q2) How to protect these credentials or is there any way to store it in encrypted way?

2

Answers


  1. Q2) One option is to create an environment variable within your code’s operating environment to store the key. Environment variables are managed by the environment’s operating system and can be accessed via system libraries or the AWS SDK for your preferred programming language.

    Q1) Thats they way it stores when you run aws configure post awscli installation.

    On ways to secure it more :

    1. Follow AccessKey Rotation practice to make sure that even if ur access key falls into wrong hands rotating it and creating a new accesskey would protect from any mishaps.
    2. Use AWS Secret Manager to store your secrets which also gives you options to rotate secret values as well.
    Login or Signup to reply.
  2. The user folder is generally considered to be private to the user. In typical OS setup, the permissions would be set, so that only the user has access to their home directory. Of course anyone who gains access to that folder also has access to the keys, but that’s not any different for other common scenarios like storing ssh keys in so called ‘hidden’ .ssh/ folder

    In any case, if you are not comfortable with that, the other option is to store them where ever you feel safe, then retrieve them and temporarily add them to your user environment profile.

    The environment variables are documented here: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search