Question

Securely provide credentials with aws-sdk/client-s3

Posted on August 22, 2024
DigitalOcean Spaces
Asked by devjk1

I am working with a Laravel/Vue/Inertia project and trying to upload many pdfs/mp3s multi-part. I am trying to upload these using javascript and the aws sdk.

https://docs.digitalocean.com/products/spaces/how-to/use-aws-sdks/ I read through this article and it is loading a secret key through the node env vars. I would have to use vite env vars, I think. This isn’t secure.

How can I provide the credentials in a secure way?

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdo

Site Moderator

• August 23, 2024

Heya,

A common and secure approach is to generate pre-signed URLs on the server side (Laravel), which your frontend (Vue.js with Inertia) can then use to upload files directly to DigitalOcean Spaces. This way, your sensitive credentials never touch the client-side code.

Regards

williamwalker • August 23, 2024

Spot on about env vars! While Vite env vars are convenient, they’re not ideal for secrets. Consider using a library like dotenv to load environment variables from a separate .env file that you exclude from version control.

devjk1 • August 23, 2024

I will take a different approach