What do I do if I have to invalidate my AWS credentials?

I just set up 22 projects and I’ve put an API key in each. It occurs to me that if I ever have to invalidate that access key/secret key, I’m going to have to go to 22 different projects to make the change. We’re microservice architecture, so before this is done, I’m going to have 200+ projects.

My question is:

a) What are best practices here? Should I have generated a new key pair for each build project? Or, should I have a different user for each build? How are people doing this?
b) Is there anyway to update credentials en masse?


If you’re using workflows, you can use contexts to declare groups of environment variables, and declare them on a CI-wide basis.

Go to Settings -> Contexts to set these up.


Not using workflows.

What’s best practice? Should I create a different account for each build?

I think contexts require a workflow, and if I were tackling your problem, I would start using them to fix the problem you have. A basic workflow is only a few extra lines on a standard YAML job config. I don’t use contexts, but I should, for the same reason as you - I discovered them after setting up duplicated env vars in each of several projects.

I agree. Contexts is the simplest way to solve this for the future and that requires Workflows.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.