How to not have security violation in handling of S3 AWS keys?
invictus2010 opened this issue · comments
invictus2010 commented
The default installation guide for notea has the user put their AWS keys in the .env file, host it on Github, and then deploy to Vercel.
This is a huge security violation since the .env file can be read, leaving the account subsequently pwned.
Am I missing something? I very well could be, since I'm a newbie at hosting things like this.
cinwell.li commented