Skip to content

Security: ellosoft/aws-cred-mgr

Security

Report a vulnerability

.github/SECURITY.md

Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
0.0.x

Reporting a Vulnerability

We take the security of the software and any data it processes seriously. If you have discovered a security issue, we appreciate your help in disclosing it to us in a responsible manner.

Please do the following:

  • Email us at secure-github@ellosoft.com with a description of the issue, the steps you undertook to discover it, and any potential impacts you have identified.
  • Do not disclose the issue publicly until we have had a chance to address it. We aim to address any security issues in a timely manner and release updates as quickly as possible.
  • Provide us with a reasonable amount of time to fix the issue before you disclose it to the public or a third party. We promise to work with you to understand and resolve the issue quickly.
  • Avoid accessing or stealing data if the security issue provides the capability to do so. If you inadvertently access proprietary data or personal information, cease your actions immediately and notify us.

What to expect after you've reported an issue:

  • We will acknowledge your email within 48 hours.
  • We will provide an estimated timeline for when we expect to address the issue.
  • We will notify you when the issue is fixed and the update is released.

Please avoid:

  • Reporting non-sensitive security issues like a lack of rate limiting on any functionality where it does not pose a risk.
  • Reporting vulnerabilities in third-party components which are not directly related to aws-cred-mgr code. Please report these issues to the appropriate projects.
  • Sending non-security bugs or queries to our security email. For regular bugs and inquiries, please use the issue tracker.

Security Best Practices for Users

We also recommend that users of aws-cred-mgr follow these best practices to ensure the security of their AWS credentials:

  • Always keep your local environment secure.
  • Do not share your AWS credentials or Okta authentication details with others.
  • Regularly update aws-cred-mgr to the latest version to receive security updates and new features.

Thank you for your support in keeping aws-cred-mgr and its community safe and secure.

There aren’t any published security advisories