You want what!

I am a little shocked that you are asking me to give you my secret key. Amazon clearly state in my control panel:

IMPORTANT: Your Secret Access Key is a secret, and should be known only by you and AWS. You should never include your Secret Access Key in your requests to AWS. You should never e-mail your Secret Access Key to anyone. It is important to keep your Secret Access Key confidential to protect your account.

Do you really need this - is there no way to use your service without giving you this highly sensitive information?

David Hawes
Wednesday, February 11, 2009

Indeed, it's all about trust. If you're worried that we might do nefarious things with your AWS keys, then you certainly should not be giving them to us. Just like you shouldn't give your credit card information to a merchant you don't trust, or your car keys to a sketchy looking valet. These are trust decisions we make every day, and you're right to be concerned.

Our hosted service needs to touch your account and move files around in your name. We've been talking with Amazon for a while about ways around this, but at the moment there's not much we can do about it.

Check out the "S3 Resources" link in the nav below for some step-by-step guides to reproduce what we do on your own servers. It may be a bit more effort on your part, but if it helps your peace of mind, it's probably worth it.

Wednesday, February 11, 2009

[ reply to this topic ]   [ return to topic list ]

© 2023 Expat Software Back to Top