Back

Gargi Jain

Cloud | DevOps | Ill... • 11m

Any AWS cloud user in the house?! Have you ever got your AWS Credits back, when it was used by some unauthorized access? I lost around $25+ credits due to unauthorized access, someone used my account. I have a support case opened, they are saying

Parvesh Negi

Infrastructure Engin... • 11m

Sometimes it happens, just talk on chat where the agent comes. If not you can also use the phone call support option.

Gargi Jain

Cloud | DevOps | Ill... • 11m

Yes, thougt the same. Thanks for suggesting

Parvesh Negi

Infrastructure Engin... • 11m

No probs, this unauthorised access issue happens while storing the root account credentials or sometimes. access keys locally. Use software like keepass to store passwords.

Gargi Jain

Cloud | DevOps | Ill... • 11m

Oohh!! So you mean it was not manually created by any person? Or how? Yes, I had stored the access keys locally on Obsidian Notes app. I mistakenly also committed to GitHub the encoded keys. And were stored in my GitPod account as env vars. Not sure which method triggered this issue.

1 replies

Replies (1)

Parvesh Negi

Infrastructure Engin... • 11m

Never write the encoded keys in your code, even if you have written make your repository private and then commit on GitHub. I'm assuming you have commited on public repository which is visible to everyone. GitHub portal also has option where u can store your access keys and all and you can use it through environment variables.

2 replies1 like

Recommendations from Medial

Chamarti Sreekar

Passionate about Pos... • 23d

Somebody just scanned 2000 Vibecoded websites... and here's what he found : - 49.5% had security issues - Found 1120 JWT tokens exposed - 70 Google API keys floating around And yes, env vars in production 🤦‍♂️ Security ain't a vibe if you're lea