CipherStash Documentation

Frequently Asked Questions

Why doesn’t CipherStash use the standard AWS environment variables (like AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)?

We do this precisely because we don’t want to conflict with the standard AWS environment variables.

For example, consider an application that uses resources in AWS (say, it stores uploads in S3).

As a way of segmenting and limiting access permissions, you would supply two sets of credentials to the application — one for accessing KMS, the other for accessing S3.

If CipherStash uses the standard AWS environment variables for KMS access, that application can’t also use the standard environment variables for S3 access.
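The separation described above, sketched as an added example (not CipherStash's own code): S3 credentials come from the standard AWS variables, KMS credentials come from a separately named set, and the loader refuses to fall back from one set to the other. The `EXAMPLE_KMS_` prefix, the function names and the sample values are hypothetical and are not CipherStash's actual variable names.

```python
import os

STANDARD_PREFIX = "AWS_"     # standard SDK variables, used here for S3 access
KMS_PREFIX = "EXAMPLE_KMS_"  # hypothetical prefix, not CipherStash's real variable names


def load_credentials(prefix, env=os.environ):
    """Read one credential set from `env` and return boto3-style keyword arguments."""
    try:
        creds = {
            "aws_access_key_id": env[prefix + "ACCESS_KEY_ID"],
            "aws_secret_access_key": env[prefix + "SECRET_ACCESS_KEY"],
        }
    except KeyError as missing:
        # Fail closed: never fall back to the other service's credentials.
        raise RuntimeError(f"missing credential variable {missing}") from None
    token = env.get(prefix + "SESSION_TOKEN")
    if token:
        creds["aws_session_token"] = token
    return creds


def load_segmented(env=os.environ):
    """Return (kms_creds, s3_creds); reject a setup where both are the same key."""
    kms = load_credentials(KMS_PREFIX, env)
    s3 = load_credentials(STANDARD_PREFIX, env)
    if kms["aws_access_key_id"] == s3["aws_access_key_id"]:
        raise RuntimeError("KMS and S3 share one access key; permissions are not segmented")
    return kms, s3


# Constructed sample environment; the values are placeholders, not real keys.
SAMPLE_ENV = {
    "AWS_ACCESS_KEY_ID": "AKIAEXAMPLES30000001",
    "AWS_SECRET_ACCESS_KEY": "constructed-s3-secret",
    "EXAMPLE_KMS_ACCESS_KEY_ID": "AKIAEXAMPLEKMS000001",
    "EXAMPLE_KMS_SECRET_ACCESS_KEY": "constructed-kms-secret",
}

if __name__ == "__main__":
    kms, s3 = load_segmented(SAMPLE_ENV)
    # Each dict can be passed to its own client, e.g.
    # boto3.client("kms", **kms) and boto3.client("s3", **s3).
    print("KMS key id:", kms["aws_access_key_id"])
    print("S3 key id: ", s3["aws_access_key_id"])
```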