Encrypt credentials? - AWS S3

Encrypt credentials?

by 2600 » Tue Oct 02, 2018 4:40 am

Is it possible to encrypt the AWS S3 credentials using Bcrypt or Argon2 at all? I have a feeling no. So I had an idea using PGP where the secret key could be stored outside the main FTP directory where the extension fetches it.

Reason I ask is that if the database is ever stolen then they will have access to your AWS account.

Re: Encrypt credentials?

by austin881 » Tue Oct 02, 2018 1:38 pm

I'm sure encrypting the AWS credentials in the database is possible; it would be a nice feature to add.

I would strongly advise creating a specific IAM user and S3 bucket policy in AWS for use with this extension. That way, even if someone did obtain your AWS credentials, the creds would only give them read/write access to the specific S3 bucket you designated. You could really lock it down that way. They wouldn't actually have full access to your whole AWS account.
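
A least-privilege policy for the dedicated IAM user suggested in the reply above, with a check that flags any Allow statement reaching beyond the designated bucket. This is an added example, not part of the original posts or the extension's code; the bucket name, the action list and the function names are assumptions.

```python
import json

BUCKET = "forum-attachments-example"  # constructed placeholder bucket name
# Assumed action set for "read/write"; match it to what the extension calls.
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject"]

def scoped_policy(bucket):
    """Identity policy for a dedicated IAM user, limited to one bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListOneBucket", "Effect": "Allow",
         "Action": ["s3:ListBucket"], "Resource": [arn]},
        {"Sid": "ReadWriteObjects", "Effect": "Allow",
         "Action": OBJECT_ACTIONS, "Resource": [f"{arn}/*"]},
    ]}

def _as_list(value):
    # IAM accepts a single string/object or a list in these fields.
    return value if isinstance(value, list) else [value]

def overbroad_findings(policy, bucket):
    """List the ways an Allow statement reaches beyond the one bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement {i}")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: allows by exclusion (NotAction/NotResource)")
        for action in _as_list(stmt.get("Action", [])):
            if not action.lower().startswith("s3:") or "*" in action:
                findings.append(f"{sid}: action {action!r} is wildcard or non-S3")
        for res in _as_list(stmt.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"{sid}: resource {res!r} is outside {bucket}")
    return findings

# Constructed sample: the account-wide grant the dedicated user replaces.
FULL_ACCESS = {"Version": "2012-10-17",
               "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}

if __name__ == "__main__":
    print(json.dumps(scoped_policy(BUCKET), indent=2))
    for finding in overbroad_findings(FULL_ACCESS, BUCKET):
        print("FINDING:", finding)
```

The resource check compares against the bucket ARN followed by a slash, so a similarly named bucket such as `forum-attachments-example-backup` is still reported as outside the scope.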