Skip to content

Credentials & rotation

How should I store my access and secret keys?

Keep them out of source control and shared documents. Use environment variables, your client's credentials file with restricted permissions, or a secrets manager. Your secret key is shown once in your welcome email so you can configure your client — store it securely from there.

What can someone do with my keys?

Your keys grant read access to your data. Anyone holding them can list and download it, so treat them like a password and limit who has them.

I think my keys were exposed — what do I do?

Contact support@clearstreamer.com right away to rotate them. Rotating issues new credentials so the exposed ones stop working.

Can I rotate my keys periodically?

Yes — request a rotation through support whenever your policy calls for it. Update your clients with the new keys when they're issued.

Should different systems share one key?

Prefer separating credentials by system where you can, so you can rotate one without disrupting the others. If you need multiple credential sets, ask support about options.

Where should I not put my keys?

  • Public or shared Git repositories
  • Client-side code shipped to browsers or apps
  • Plain-text chat messages, tickets, or wikis
  • Screenshots or logs you might share

How do I configure keys safely in my client?

Use the client's credentials file with tight file permissions, or environment variables:

export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY
export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_KEY

See client examples for per-tool configuration.

What happens to my keys if I cancel?

Access ends when the service ends. See Cancellation.