AWS has two different services for handling sensitive application configuration.
Secrets Manager and SSM Parameter Store. One cost pennies and the other is free.
Instead of rolling your own I would suggest these services as you can apply envelope encryption.
If you are running AWS EC2 instances you don't need to embed AWS credentials as they are passed securely to the instance already via roles.
If you are using the AWS Credentials directly as a user you can apply MFA to include another layer of protection.
There is also AWS KMS (i think its recommended by AWS nowadays)
On github there is also "secrets" under repo /settings/secrets - if you use github actions. GHA then can set environment variables based on secrets value.
And of course universal method (assuming you use git) - git crypt - if you insist on keeping those in files in repo.
When I was mentioning envelope encryption on Secrets Manager or SSM Parameter Store that is using KMS. So you checkbox encrypt and choose a key from KMS.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
AWS has two different services for handling sensitive application configuration.
Secrets Manager and SSM Parameter Store. One cost pennies and the other is free.
Instead of rolling your own I would suggest these services as you can apply envelope encryption.
If you are running AWS EC2 instances you don't need to embed AWS credentials as they are passed securely to the instance already via roles.
If you are using the AWS Credentials directly as a user you can apply MFA to include another layer of protection.
There is also AWS KMS (i think its recommended by AWS nowadays)
On github there is also "secrets" under repo /settings/secrets - if you use github actions. GHA then can set environment variables based on secrets value.
And of course universal method (assuming you use git) - git crypt - if you insist on keeping those in files in repo.
When I was mentioning
envelope encryptionon Secrets Manager or SSM Parameter Store that is using KMS. So you checkboxencryptand choose a key from KMS.