What do I do if I have to invalidate my AWS credentials?


#1

I just set up 22 projects and I’ve put an API key in each. It occurs to me that if I ever have to invalidate that access key/secret key, I’m going to have to go to 22 different projects to make the change. We’re microservice architecture, so before this is done, I’m going to have 200+ projects.

My question is:

a) What are best practices here? Should I have generated a new key pair for each build project? Or, should I have a different user for each build? How are people doing this?
b) Is there anyway to update credentials en masse?

Thanks!
Andrew


#2

If you’re using workflows, you can use contexts to declare groups of environment variables, and declare them on a CI-wide basis.

Go to Settings -> Contexts to set these up.


#3

Not using workflows.

What’s best practice? Should I create a different account for each build?


#4

I think contexts require a workflow, and if I were tackling your problem, I would start using them to fix the problem you have. A basic workflow is only a few extra lines on a standard YAML job config. I don’t use contexts, but I should, for the same reason as you - I discovered them after setting up duplicated env vars in each of several projects.


#5

I agree. Contexts is the simplest way to solve this for the future and that requires Workflows.


#6

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.