放置凭证文件AWS android sdk访问AWS s3的位置 [英] Location to put credential file AWS android sdk accessing AWS s3
问题描述
我有一个Android应用程序,该应用程序调用s3将照片上传和下载到存储桶,现在我已与CognitoCachingCredentialsProvider一起使用,我想在创建s3client对象时开始使用访问密钥作为凭据. 我知道我对AWS_ACCESS_KEY_ID和AWS_SECRET_KEY进行了硬编码,将它们放在环境变量中或放在主目录中的文件中.
I have a android app that calls s3 to upload and download pics to bucket, I have that working with CognitoCachingCredentialsProvider now, I want to start using access key as the credential, in creating the s3client object. I know I and hard code the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY, put them environment variable or in a file in home directory.
由于我将在我的Android应用程序中使用AWS_ACCESS_KEY_ID和AWS_SECRET_KEY,因此环境变量将不可用.我的问题是我应该将这些密钥放在哪里,以便可以在android应用中使用s3client.如果应用程序要转到应用程序商店,文件将驻留在哪里.
Since I am going to use the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY in my android app, environment variable wont be available. My question is where do I put these keys so that I can use s3client in my android app. Where does file reside if the app were to go to app store.
推荐答案
您绝对不应在经过硬编码的Android应用程序或单独的文件中访问密钥和秘密密钥.如果它正在应用商店中进行,尤其如此.这是一个很大的安全风险,因为任何人都可以反编译您的应用并获取您的凭据.
You should never have you access key and secret key in an Android application, hard coded, or in a separate file. This is especially true if it is going on the app store. This is a large security risk, as anyone can decompile your app and get your credentials.
您当前使用的Cognito凭据有什么问题?
What is wrong with the Cognito credentials you are currently using?
这篇关于放置凭证文件AWS android sdk访问AWS s3的位置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!