How to set AWS profile without storing secret key in source

Hi,

I was looking at the docs for the aws orb here:
https://circleci.com/orbs/registry/orb/circleci/aws-cli/

Mainly so I could figure out how to set the AWS profile credentials for my serverless deployment. The problem is, the docs make it look like I’d have to put my AWS secret key in the config yml (or orb source, whatever that means), which will be in github. That is clearly a bad practice, so I’m assuming there is something I don’t understand going on.

What is the “right” way to get the AWS profile incorporated into the build image when the build is executed? The settings for the AWS credentials says that they are no longer used and pointed to the page on orbs, but that page, as I said, seems to imply that I have to put my secret in the config file, which is in source control.

How do I access my deployment profile during the build?

Hi there, welcome to our community.

The recommended approach to store secrets is to use environment variables. https://circleci.com/docs/2.0/env-vars/

Thank you very much, that is exactly what I was looking for. The Build Settings is hard to find in the UI, I’d clicked on Settings on the left panel, and never saw any way to set things like this (I’d assumed they had to be somewhere). It seems a bit hidden to me, but at least I found it.

Thanks again.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.