Support Standardized Way to Manage Credentials for AWS #242

Open
3 tasks done
jkmathew opened this issue Aug 14, 2024 · 3 comments

@jkmathew

jkmathew commented Aug 14, 2024

Expected/desired behavior
Currently we have to add aws_secret_key, aws_security_token etc. to the .rcinfo file. From a security perspective, this is not a good practice. At the same time, developers might be using other tools that use Amazon's SDKs, which expect secrets either in environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY etc.) or in the ~/.aws/credentials file (source). If XCRemoteCache also supports these methods, we can avoid checking in security keys to the repository, and it will be helpful for developers already using Amazon services.

Relevant integration setup

  • CocoaPods cocoapods-xcremotecache plugin
  • Automatic integration using xcprepare integrate ...
  • Manual integration
    [ ] Carthage << -- I don't think this option is relevant, or am I mistaken?
@polac24
Collaborator

polac24 commented Aug 15, 2024

Secrets (or user-specific configs) should be placed in a separate file, specified in extra_configuration_file (defaults to user.rcinfo). All configs placed there override the .rcinfo and should not be checked into the repo.

So you can write a wrapper that, before calling xcprepare integrate..., places any ENV/~/.aws/credentials content into that file.

@jkmathew
Author

Thanks for looking into this!
I can see the user.rcinfo is autogenerated. If I change extra_configuration_file to point to my secrets file, will it break anything?

@polac24
Collaborator

polac24 commented Aug 16, 2024

You can safely append AWS credentials to that autogenerated .yaml - it is safe to modify after integration.
