Using a Yandex Lockbox secret to store a static access key

If you frequently use services with an AWS-compatible API, such as Yandex Object Storage, Yandex Data Streams, or Yandex Message Queue, it is up to you to ensure safe storage of your static access keys.

This tutorial covers a scenario where a Yandex Lockbox secret serves as the static access key storage. In this configuration, the access key value is neither stored locally on the user's computer nor displayed on the screen.

When accessing a resource of an AWS-compatible service (Object Storage), the static access key and its ID will be extracted from the Yandex Lockbox secret into special environment variables, which will be used for request authentication.

This approach will ensure safe storage and use of your key when accessing the services.

You can use the following tools to create an infrastructure:

• CLI: Use this method to create an infrastructure step-by-step via the CLI.
• Terraform: Streamline creating and managing your resources with the infrastructure as code (IaC) approach. Download a Terraform configuration example from GitHub and deploy your infrastructure with the Yandex Cloud Terraform provider.