DEV Community

loading...

Discussion on: Best practices to use AWS access key and secret in your development environment

Collapse
sidpalas profile image
sidpalas • Edited

Using the ~/.aws/credentials approach is useful for a development environment where you potentially need to test things with multiple profiles, but for a production deployment, the ENV Variable is preferred, right?

Another important consideration: Don't check credentials into VCS in plain text. It may not seem to bad if the team is small and the repo is private, but eventually, the team will grow and it will be necessary to limit access to the credentials!

Collapse
marcellusherlus profile image
marcellusherlus

Good point with the VCS! itβ€˜s very important never commit credentials.

If you use a CI/CD tool like CircleCI or Jenkins you can store the credentials as environment variables so the Containers in the build process have access to them.

So yes for not local environments itβ€˜s a good pattern to use the ENV variable.

Collapse
sahays profile image
Sanjeet Sahay Author

You make a great point here. In fact, with IAM roles, these environment variables are set which means reading credentials from environment variables is the way to go. I will clarify these in the post πŸ‘πŸΌ