Hello,

I am making an app that accesses Amazon S3.

But should I put the Amazon S3 login credentials (Access Key ID and Secret Access Key) into the .exe that customers will be using?

DropBox uses Amazon S3, but how do they store their login credentials? When I send a file to my DropBox, does the file go to their server first, then their server logs into S3 using their credentials?

I can always obfuscate my .exe but I am still very leery about putting my Amazon S3 info into the .exe.

Any ideas or suggestions?

Thanks.

A: 

You're right to be concerned. I don't know of any completely safe means of including your keys with a locally-installed app. The web equivalent (which I'm more familiar with) would be a JavaScript (so client-side) widget that needs to carry some credentials... and there's no way to do it.

I think the solution that you mentioned (only using your server to interact with S3) may be the only way.

tfe
+1  A: 

Hi,

You may consider implementing your own server-side authentication layer, which will authenticate the user and sign requests.

Amazon S3 credentials are needed to sign AWS requests. You may do this on the server side.

For example:

  1. Your app sends a request to your server with the user's credentials
  2. Your server-side code checks the user's credentials and signs the AWS request
  3. Your app sends the signed request to Amazon
S3 Browser Team
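
The three steps above, sketched as an added example (not code from either answer): a server-side function checks the user's own login, then returns an AWS Signature Version 4 query-signed GET URL, so the Secret Access Key never ships in the .exe. The key values, bucket, user table, `users/<name>/` prefix layout and the function names `presign_get` and `handle_download` are all assumptions made for illustration.

```python
import datetime, hashlib, hmac
from urllib.parse import quote

# Constructed placeholders: the real keys live only in server-side configuration.
AWS_ACCESS_KEY = "AKIAEXAMPLEPLACEHOLDER"
AWS_SECRET_KEY = "example-secret-placeholder"
BUCKET, REGION = "example-bucket", "us-east-1"
# Constructed user store: username -> salted PBKDF2 hash of that user's password.
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_get(key, expires=300, now=None):
    """Build a SigV4 query-signed GET URL for one object, valid for `expires` seconds."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    host = f"{BUCKET}.s3.amazonaws.com"
    scope = f"{day}/{REGION}/s3/aws4_request"
    path = "/" + quote(key, safe="/-_.~")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{AWS_ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                     for k, v in sorted(params.items()))
    canonical = f"GET\n{path}\n{query}\nhost:{host}\n\nhost\nUNSIGNED-PAYLOAD"
    digest = hashlib.sha256(canonical.encode()).hexdigest()
    to_sign = f"AWS4-HMAC-SHA256\n{amz_date}\n{scope}\n{digest}"
    k = ("AWS4" + AWS_SECRET_KEY).encode()  # derive the per-day signing key
    for part in (day, REGION, "s3", "aws4_request"):
        k = _hmac(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"

def handle_download(username, password, filename, now=None):
    """Steps 1-2: check the user's own credentials, then sign for their prefix only."""
    stored = USERS.get(username)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None  # authentication failed: nothing is signed
    if "/" in filename or filename in ("", ".", ".."):
        return None  # keep the object key inside the caller's own prefix
    return presign_get(f"users/{username}/{filename}", now=now)
```

Step 3 is the client issuing a plain HTTPS GET on the returned URL; the URL carries the Access Key ID and a signature for that one object and expiry window, not the Secret Access Key.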