Share AWS Credentials Securely

The problem

AWS credentials grant access to cloud infrastructure, billing, and data stores. Access keys pasted into Slack or email are regularly harvested by automated scanners. A single exposed AWS key pair can result in unauthorized resource usage, data exfiltration, or significant financial charges within minutes.

How Vaulted helps

Vaulted encrypts your AWS credentials in the browser using AES-256-GCM and produces a self-destructing link. The key used for encryption is embedded in the URL fragment and never reaches any server. Once the link is viewed, it expires — leaving no trace of the credentials in any message log.

How to do it

1. Paste your AWS access key ID and secret access key into Vaulted
2. Set a single-view limit and a short expiration window
3. Share the link with the engineer who needs cloud access
4. They retrieve the credentials and the link is permanently destroyed

Share AWS credentials from the terminal

The Vaulted CLI makes it easy to share AWS keys in scripts and CI/CD: npx vaulted-cli "AKIAIOSFODNN7EXAMPLE:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" --views 1 --expires 1h. The CLI uses the same AES-256-GCM encryption as the web app. Install from npm: npm install -g vaulted-cli.

Share AWS credentials in GitHub Actions

Automate credential sharing in CI/CD with the Vaulted GitHub Action: uses: vaulted-fyi/share-secret@v1 with your AWS credentials as the secret input. End-to-end encrypted, self-destructing links — no plaintext in workflow logs. Available on GitHub Marketplace.