AWS - Secret Access Key visible #571

New Issue

MrUnknownDE · 2026-04-05T20:28:06+02:00

MrUnknownDE commented

2026-04-05 20:28:06 +02:00

Originally created by @yannickvr on 8/27/2020

First - Preferably Instance Roles will be used to provide access to the platform, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html . In the mean while this error should be fixed with higher priority.

Actual issue:

The Secret Access Key is visible after entering the key. Since the manual suggest attaching the AdministratorAccess policy to the user created for CloudPanel, any misconfiguration allow an attacker full permissions on the platform.

Secret access key should be stored safely and should not be retrievable to clear text.

*Originally created by @yannickvr on 8/27/2020* First - Preferably Instance Roles will be used to provide access to the platform, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html . In the mean while this error should be fixed with higher priority. Actual issue: The Secret Access Key is visible after entering the key. Since the manual suggest attaching the AdministratorAccess policy to the user created for CloudPanel, any misconfiguration allow an attacker full permissions on the platform. Secret access key should be stored safely and should not be retrievable to clear text.

MrUnknownDE closed this issue

2026-04-05 20:28:06 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/cloudpanel-ce#571