Using a Yandex Lockbox secret to store a static access key
If you frequently use services with an AWS-compatible API, such as Yandex Object Storage, Yandex Data Streams, or Yandex Message Queue, you are responsible for storing your static access keys securely.
This guide covers a scenario where a Yandex Lockbox secret is used as the static access key storage. In this configuration, the access key value is neither stored locally on the user's computer, nor displayed on the screen.
When accessing a resource of an AWS-compatible service (Object Storage), the static access key and its ID will be extracted from the Yandex Lockbox secret into special environment variables, which will be used for request authentication.
This approach will ensure safe storage and use of your key when accessing the services.
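The flow described above, as an added shell example that is not part of the original guide: the key ID and secret key are read from the Lockbox secret and exported only into the environment of the one command being run, so they are neither written to disk nor echoed. The secret name `static-key`, the entry names `key_id` and `secret`, and the use of `yc lockbox payload get --name ... --key ...` are assumptions; adjust them to your secret.

```shell
#!/bin/sh
# Added example (not from the guide): run a single command with the static
# access key taken from a Yandex Lockbox secret.
# Assumptions: secret name and entry names below are hypothetical, and the
# yc CLI is assumed to return one entry with `payload get --name N --key K`.

LOCKBOX_SECRET="${LOCKBOX_SECRET:-static-key}"   # hypothetical secret name
KEY_ID_ENTRY="${KEY_ID_ENTRY:-key_id}"           # hypothetical entry: key ID
SECRET_ENTRY="${SECRET_ENTRY:-secret}"           # hypothetical entry: secret key

# Print the value of one entry of the secret payload to stdout.
lockbox_entry() {
  yc lockbox payload get --name "$LOCKBOX_SECRET" --key "$1"
}

# Run "$@" with AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY set for that command
# only. The body is a subshell, so nothing leaks into the calling shell.
with_lockbox_key() (
  set +x   # keep the values out of the trace if the caller runs with `set -x`

  id="$(lockbox_entry "$KEY_ID_ENTRY")" || {
    echo "with_lockbox_key: cannot read entry '$KEY_ID_ENTRY'" >&2; exit 1; }
  secret="$(lockbox_entry "$SECRET_ENTRY")" || {
    echo "with_lockbox_key: cannot read entry '$SECRET_ENTRY'" >&2; exit 1; }

  # Refuse to continue with empty values: the request would fail
  # authentication with a less obvious error later.
  [ -n "$id" ] && [ -n "$secret" ] || {
    echo "with_lockbox_key: empty key ID or secret key" >&2; exit 1; }

  export AWS_ACCESS_KEY_ID="$id" AWS_SECRET_ACCESS_KEY="$secret"
  "$@"
)

# Usage (Object Storage through the AWS CLI):
#   with_lockbox_key aws --endpoint-url=https://storage.yandexcloud.net s3 ls
```

The service account or user running the command still needs permission to read the secret payload, so access to the key is governed by access to the secret.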
You can use the following tools to create the infrastructure:
- CLI: Use this method to create the infrastructure step by step via the CLI.
- Terraform: Streamline creating and managing your resources using the infrastructure as code (IaC) approach. Download a Terraform configuration example from the GitHub repository and then deploy the infrastructure using the Terraform Yandex Cloud provider.