We have a web app which can upload files to S3. For this to be possible a configuration file is required which contains the access key id and the access secret key of my AWS account.

I am not the sys admin of the box that runs the web app. So basically this person can just grab my access secret key and eg start, stop and terminate EC2 instances, etc.

How can I keep my secret key a secret in this situation?

EDIT: To clarify, this is not about not trusting the sys admin, otherwise such a person would not get root access to the boxes (s)he maintains. Trusting a sys admin doesn't mean I have to give him/her my credit card details, the keys to my house and car, etc. That's just ridiculous.

The thing is, Amazon, in giving an overview of security processes ( http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1697 ), mentions:

"Within EC2, the host administrator and cloud administrator can be separate people, permitting two man rule security policies to be enforced."

I don't see how the two can be separate though if the host administrator requires the access secret key in order to be able to upload to S3.

+2  A: 

I don't believe you can. If the sys admin wants your key, and has root access to the machine, they'll be able to get it.

Chris B.
+1  A: 

Absolutely you should (keep your key secret).

You should provide another way to upload the files to your server. I would imagine that S3 allows you to create accounts, and if you simply have an EC2 box, you could either create a new account or install an FTP server to do the uploading.

Noon Silk
A: 

Being a situation where you can't trust the Administrator is BAD. Set up your own server.

You can't hide from root!

Dolph
+4  A: 

Unfortunately, I don't have time to post detailed instructions here but I strongly recommend that you look at how to set policies for a bucket and the access policy language. You should be able to allow unauthenticated uploads to a given bucket only from a particular IP address (associated with your EC2 instance). You could also create a second AWS account which has no access at all except to upload to that bucket. That way, even if the administrator ran off with your creds, they wouldn't get anything useful.

Eadwacer
Brilliant! Thanks. I see it's still in beta, but I'll go for it.
Jim Soho
+1 This new feature should be a good fit. I believe it has always been possible to make buckets readable to only specific AWS accounts, but the new bucket policies feature provides even greater control.
Todd Owen
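The bucket policy Eadwacer's answer describes, written out as an added example (not from the original thread or from AWS documentation): it grants only s3:PutObject, only under one prefix, only to a separate "upload" account, and only from the web app host's IP. The bucket name, the 12-digit account id and the IP address are placeholders; the policy version string is the current one, not the one in use in 2010.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UploadOnlyFromWebAppHost",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::222222222222:root" },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-upload-bucket/uploads/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "203.0.113.10/32" },
        "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control" }
      }
    }
  ]
}
```

The key the web app holds then belongs to account 222222222222, which owns nothing else, so a copy taken from the box can only write objects into that prefix from that host; the s3:x-amz-acl condition forces each upload to grant the bucket owner full control, otherwise cross-account uploads end up owned by the uploading account.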