epriestley Authored on epriestley Pushed on Jan 10 2016, 3:58 PM
- Differential Revision
- D14979: Implement `bin/aws-s3 get ...` and a basic S3 client API
- rPHU0ca806c9e0dc: Implement AWS v4 signature API
- T5155: Evaluate support for AWS IAM Roles in S3 Client
- Build Status
Buildable 10032 Build 12133: Run Core Tests
Command-line arguments of any process can be seen by any user. For example, run ps aux and you can see the command-line arguments even of processes run by root.
Is it prudent to expose AWS credentials in such a way? I'd suggest instead sticking with the credential mechanisms supported by all AWS SDKs.
I'm confused. If by "live" credentials you mean credentials that exist in some AWS account and grant some level of access to S3, I'm not sure what other kind of credentials I'd ever use.
Admittedly, I'm not really sure under what circumstances this script is used at all. I only happened to come across this in relation to T5155. But I'm pretty sure in all circumstances I don't want my credentials unnecessarily exposed.
By "live", I mean production credentials which provide access to sensitive data, as opposed to test credentials which provide access to nonsensitive test data.
I wrote this script to make it easier to test the S3 client code, and have only ever run it with test credentials. Specifically, here are the credentials I used:
Access Key: AKIAI43ALT2B5BW4FRTA
Secret Key: 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
These credentials provided access to several different pictures of dogs with socks on, if you were able to run ps aux on my laptop to observe them.