Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Protect S3 data #146

Closed
toptierlabs opened this Issue Jan 10, 2014 · 3 comments

Comments

Projects
None yet
3 participants

I am worried about having the access and secret key on the client side. Can you think in a way of protecting/encrypting it?

Thanks.

You can always use something like Figaro, https://github.com/laserlemon/figaro, to use environment variables and prevent your keys from getting checked in to source code.

Collaborator

mcfiredrill commented Jan 12, 2014

The client secret is not exposed on the client side, only the access key id. The upload form's are signed with security policies, you can read more about that here:
http://aws.amazon.com/articles/1434?_encoding=UTF8&jiveRedirect=1

Collaborator

mcfiredrill commented Dec 14, 2015

Closing this issue as there hasn't been a reply in over a year. Please feel free to reopen if you like.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment