
How to securely store and use a customer's AWS Secret Key

Is it acceptable to store a customer's secret key & access key ID on my server to allow me to access the AWS API on their behalf?

For a password it is simply a matter of using a hash to store an encrypted version, but I need to use the actual key value each time I call AWS, so I cannot hash it.

In simple terms, for each authenticated user I would store an object a bit like this:

{userId: [myUserId],
 secretKey: 'jHuiU-jiuhd...',
 accessKeyId: 'abcdef...',
 etc}

I could then access this each time I call AWS.

Now, I could base64 encode it and/or even encrypt it myself, but at some stage I have to decode and decrypt it to make my request, and everything I need to do either of these will be stored somewhere on the server.

If the data is kept on the server (never sent back to the client) and if the transport from server to AWS is done over SSL, then is this enough?


Ansible

If you're using Ansible, consider using Vault to Protect Sensitive Ansible Data. You can then configure it to encrypt sensitive contents such as private keys.

Keybase

Another way is to use the Keybase app, which provides end-to-end encrypted data across all your devices.

PGP

Use encryption to encrypt and decrypt sensitive keys.

OpenSSL

Use your public key to encrypt the file, then your private key to decrypt it.

SSH Vault

Check how ssh-vault can encrypt/decrypt data using SSH keys.
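The OpenSSL suggestion above, and the question's own approach of keeping the customer record encrypted at rest and decrypting it only at call time, as an added shell example (not code from the original question or answer): the server's RSA public key encrypts each customer's credential record, and only the process holding the private key can recover it, to stdout, just before an AWS call. The key-pair location, the `$WORK` directory and the credential values are constructed for the example; the key pair is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: keep a customer's AWS credentials
# encrypted at rest with the server's RSA public key (RSA-OAEP via openssl
# pkeyutl) and decrypt them only in memory when a call to AWS is about to be made.
set -eu

# Constructed scratch directory; in a real deployment the private key lives
# somewhere the data store cannot reach (separate host, HSM or secrets manager).
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Hypothetical server key pair: private key for decryption, public key for
# encryption. Anything that can write credential records only needs the public key.
gen_keys() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/server.key" 2>/dev/null
  openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub" 2>/dev/null
}

# Encrypt one customer's record with the public key. An access key ID plus a
# secret key is well under the RSA-2048 OAEP plaintext limit, so the record is
# encrypted directly; larger data would need a wrapped symmetric key instead.
encrypt_creds() {  # $1 = user id, $2 = access key id, $3 = secret key
  printf '{"accessKeyId":"%s","secretKey":"%s"}' "$2" "$3" |
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" \
      -pkeyopt rsa_padding_mode:oaep -out "$WORK/$1.creds.enc"
}

# Decrypt to stdout only, at the moment the credentials are needed; the
# plaintext is never written back to disk.
decrypt_creds() {  # $1 = user id
  openssl pkeyutl -decrypt -inkey "$WORK/server.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/$1.creds.enc"
}

# Demo round trip with constructed placeholder credentials.
gen_keys
encrypt_creds user42 AKIAEXAMPLEID0000001 EXAMPLESECRETKEYvalue123
decrypt_creds user42 | grep -q '"accessKeyId"' && echo "round trip ok"
```

What this buys you is protection of the stored records (database dumps, backups, a leaked disk image) rather than of the running server: whoever can run `decrypt_creds` on the host that holds `server.key` can read every customer's credentials, which is exactly the limit the question is worried about. Moving the private key off the application host, or into a managed service that decrypts on its behalf and logs each use, is what turns this from "encrypted storage" into a meaningful boundary.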
