Amazon S3 Credentials file for production?
I am trying to implement the "recommended" method of storing credentials in my application for connecting to Amazon S3, which seems to be use a credential file having read this:
where it states:
Don't put literal access keys in your application, including the project's App.config or Web.config file.Doing so creates a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.
this is fine, but all the example have c:/path/to/my/file
so how to i make this path relative to my application, and not literal?
i have this, and it no worky:
<?xml version="1.0" encoding="utf-8"?> <configuration> <configSections> <section name="aws" type="Amazon.AWSSection, AWSSDK.Core"/> </configSections> <aws profileName="Profile1" profilesLocation="~/Credentials.json"> </aws> ... </configuration>
is this approach NOT the correct way for a released application, and only suitable for development?
You NEED TO KNOW know how AWS handle access.
First, the admin of the AWS resource will create Access Roles that will also generate a credential pair. It is call "access_key_id" and "secret_access_key".
Because Admin that new to AWS may assign many AWS apps to use the same roles and access key, that's why AWS document warn you NOT TO STORE IT inside your apps. So they recommend you to put the keyid and access key into a file, put it under a secure directory with restricted apps user/admin/apps group access. (in unix term, it means chmod 600)
Now back to your question. If your apps is running inside Windows instance and using .Net , unless you enable some sort of directory mapping(check .NET api), otherwise, you need to use windows path format.
If your apps are NOT using .Net, but something else like Java, node.js etc, (https://aws.amazon.com/tools/) , go get the correct API that will "talk AWS".