How to Store AWS Credentials Securely on a Personal Machine

amazon-web-servicescredentialslinuxSecurity

How can I securely store AWS credentials on personal machines?

In detail:

Everybody in our team requires AWS security credentials for doing administrative tasks (credentials are separated by role). These credentials are usually stored in plaintext in some config files on disk. I think this is very insecure, especially considering that credentials are distributed over team members, end up in backup etc.

I would much prefer storing these credentials in encrypted form (similar to ssh keys, for example). Is there some automated way of doing so? Or do I need to hack up some bash script that uses for example openssl to encrypt data?

There is much information on the web regarding how to secure credentials on an EC2 instance. There's even this Amazon IAM roles functionality, but it also applies only to EC2.

Best Answer

https://github.com/realestate-com-au/credulous may be worth investigating. From the project description:

credulous is a command line tool that manages AWS (IAM) Credentials securely. The aim is to encrypt the credentials using a user's public SSH Key so that only the user who has the corresponding private SSH key is able to see and use them. Furthermore the tool will also enable the user to easily rotate their current credentials without breaking the user's current workflow.

There's an introductory blog article at http://techblog.realestate.com.au/protecting-your-aws-keys-with-credulous/.

Best Answer

Related Solutions

How to chain AWS IAM AssumeRole API calls

AWS credentials not working – ~/.aws/credentials

Related Topic