放置凭证文件AWS android sdk访问AWS s3的位置 [英] Location to put credential file AWS android sdk accessing AWS s3

问题描述

我有一个Android应用程序，该应用程序调用s3将照片上传和下载到存储桶，现在我已与CognitoCachingCredentialsProvider一起使用，我想在创建s3client对象时开始使用访问密钥作为凭据. 我知道我对AWS_ACCESS_KEY_ID和AWS_SECRET_KEY进行了硬编码，将它们放在环境变量中或放在主目录中的文件中.

I have a android app that calls s3 to upload and download pics to bucket, I have that working with CognitoCachingCredentialsProvider now, I want to start using access key as the credential, in creating the s3client object. I know I and hard code the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY, put them environment variable or in a file in home directory.

由于我将在我的Android应用程序中使用AWS_ACCESS_KEY_ID和AWS_SECRET_KEY，因此环境变量将不可用.我的问题是我应该将这些密钥放在哪里，以便可以在android应用中使用s3client.如果应用程序要转到应用程序商店，文件将驻留在哪里.

Since I am going to use the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY in my android app, environment variable wont be available. My question is where do I put these keys so that I can use s3client in my android app. Where does file reside if the app were to go to app store.

推荐答案

您绝对不应在经过硬编码的Android应用程序或单独的文件中访问密钥和秘密密钥.如果它正在应用商店中进行，尤其如此.这是一个很大的安全风险，因为任何人都可以反编译您的应用并获取您的凭据.

You should never have you access key and secret key in an Android application, hard coded, or in a separate file. This is especially true if it is going on the app store. This is a large security risk, as anyone can decompile your app and get your credentials.

您当前使用的Cognito凭据有什么问题?

What is wrong with the Cognito credentials you are currently using?

这篇关于放置凭证文件AWS android sdk访问AWS s3的位置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！