mirror of
https://github.com/davegallant/davegallant.github.io.git
synced 2025-08-14 20:30:18 +00:00
deploy: aebc3ff4a30c40cf5d718c9b791cecf1ef397988
@@ -146,7 +146,7 @@ One min read
|
||||
</header>
|
||||
<div class="container entry-content">
|
||||
<p>Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a <a href=https://gist.github.com/davegallant/2c042686a78684a657fe99e20fa7a924#file-aws_access_key_rotator-py>script</a> since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.</p>
|
||||
<p>In the longer term, migrating my workflows to <a href=https://github.com/99designs/aws-vault>aws-vault</a> seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where <a href=https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html>AWS suggests</a>). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS’s secure keystore. There is even a <a href=https://github.com/99designs/aws-vault/blob/master/USAGE.md#rotating-credentials>rotate command</a> included.</p>
|
||||
<p>In the longer term, migrating my local workflows to <a href=https://github.com/99designs/aws-vault>aws-vault</a> seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where <a href=https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html>AWS suggests</a>). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS’s secure keystore. There is even a <a href=https://github.com/99designs/aws-vault/blob/master/USAGE.md#rotating-credentials>rotate command</a> included.</p>
|
||||
</div>
|
||||
<footer class=entry-footer>
|
||||
<div class="container sep-before"><div class=tags><svg class="icon" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 24 24" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" aria-hidden="true"><path d="M20.59 13.41l-7.17 7.17a2 2 0 01-2.83.0L2 12V2H12l8.59 8.59a2 2 0 010 2.82z"/><line x1="7" y1="7" x2="7" y2="7"/></svg>
|
||||
|
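Review bot: The added paragraph still carries the typo "could be have their credentials passed to them" from the line it replaces; since this line is being rewritten anyway, change it to "could have their credentials passed to them". The parenthetical "(i.e. where AWS suggests)" is also hard to parse on its own; naming the location, for example "(i.e. in the shared credentials file that AWS suggests)", would make the plaintext-on-disk point clearer. The rotate-command link targets blob/master/USAGE.md#rotating-credentials, which can move or disappear as the upstream branch changes, so consider linking to a tagged release or commit instead.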