How to keep your AWS Keys Safe on your terminal
One of the causes of AWS key leaks is configuring your AWS CLI with the command aws configure. This can lead you to store your credentials in plain text under your home folder.
If you are using Linux or macOS, you may know about the Keychain and the D-Bus Secret Service, so let's combine both things into a secure and robust solution to keep your keys safe.

We will use https://github.com/sorah/envchain as the primary tool to automate the keychain unlock, export the values into a subshell, and allow you to use them securely until your process finishes.
Clone and install the envchain tool from the sources at GitHub.
Create a namespace to store your secure env vars (you can have multiple: one per client, per environment, per project, etc.):

    envchain --set production \
      AWS_ACCESS_KEY_ID \
      AWS_SECRET_ACCESS_KEY \
      AWS_REGION

Replace production with the name of your environment / AWS account.
Start using it by adding the prefix:

    envchain production aws sts get-caller-identity

Optionally, you can get into a subshell by doing this:

    envchain production bash

Remember to close the session to remove your secrets from the env vars.
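Moving keys into envchain only helps if the plaintext copies that aws configure wrote are removed afterwards. The script below is an added example, not part of the original post or the envchain project: it lists the profiles in the AWS CLI shared credentials file that still hold a static secret key, without printing the values. The function names, the constructed sample file, and the suggestion to reuse the profile name as the envchain namespace are assumptions made for illustration.

```shell
#!/bin/sh
# Print the names of profiles in an AWS shared credentials file that still
# hold a static secret key in plain text. Key values are never printed.
find_plaintext_profiles() {
    creds_file="${1:-$HOME/.aws/credentials}"   # AWS CLI default location
    [ -f "$creds_file" ] || return 0
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                # [profile] section header
            gsub(/^[ \t]*\[|\][ \t]*$/, "")
            profile = $0
            next
        }
        {
            eq = index($0, "=")                 # split on the first "=" only
            if (eq == 0 || profile == "") next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);             gsub(/[ \t]/, "", val)
            if (key == "aws_secret_access_key" && val != "" && !(profile in seen)) {
                seen[profile] = 1
                print profile
            }
        }
    ' "$creds_file"
}

# Return 1 (and explain on stderr) if any profile still needs migrating.
# Assumption: the profile name is reused as the envchain namespace.
audit_aws_credentials() {
    found=$(find_plaintext_profiles "$1")
    [ -z "$found" ] && return 0
    for p in $found; do
        echo "plaintext key in [$p]: run 'envchain --set $p AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY', then delete it from the file" >&2
    done
    return 1
}

# Constructed sample file with fake values, used only for this demo.
sample_dir=$(mktemp -d)
cat > "$sample_dir/credentials" <<'EOF'
[default]
aws_access_key_id = EXAMPLE-KEY-ID
aws_secret_access_key = constructed/not+a+real+secret
# aws_secret_access_key = commented-out
[sso-only]
region = us-east-1
[production]
aws_secret_access_key=constructed=value
EOF
find_plaintext_profiles "$sample_dir/credentials"
```

Run audit_aws_credentials with no argument to check your own ~/.aws/credentials; a non-zero exit status means at least one profile still has a key on disk.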
More information about
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
https://rtfm.co.ua/en/what-is-linux-keyring-gnome-keyring-secret-service-and-d-bus/
https://support.apple.com/guide/mac-help/use-keychains-to-store-passwords-mchlf375f392/mac
