使用环境变量凭证 - Amazon SDK for PHP
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

使用环境变量凭证

使用环境变量来包含您的证书可防止您意外共享您的Amazon私有访问密钥。我们建议您切勿在任何生产文件中将Amazon访问密钥直接添加到客户端。许多开发人员通过其账户已经受损泄露密钥。

要向 Amazon Web Services 进行身份验证,软件开发工具包会首先检查您的环境变量中的证书。开发工具包会使用 getenv() 函数来查找 AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_SESSION_TOKEN 环境变量。这些凭证称为环境凭证

如果您在上托管应用程序 Amazon Elastic Beanstalk,则可以通过Amazon Elastic Beanstalk控制台设置AWS_ACCESS_KEY_IDAWS_SECRET_KEY环境变量,以便 SDK 可以自动使用这些证书。

有关如何设置环境变量的更多信息,请参阅 AmazonSDK 和工具参考指南中的环境变量支持。此外,有关大多数Amazon SDK 支持的所有环境变量的列表,请参阅环境变量列表

您还可以在命令行中设置环境变量,如下所示。

Linux 

$ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
   # The access key for your Amazon account.
$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
   # The secret access key for your Amazon account.
$ export AWS_SESSION_TOKEN=AQoDYXdzEJr...<remainder of security token>
   # The session key for your Amazon account. This is needed only when you are using temporary credentials.
   # The AWS_SECURITY_TOKEN environment variable can also be used, but is only supported for backward compatibility purposes.
   # AWS_SESSION_TOKEN is supported by multiple Amazon SDKs other than PHP.

Windows 

C:\> SET  AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
   # The access key for your Amazon account.
C:\> SET  AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
   # The secret access key for your Amazon account.
C:\> SET AWS_SESSION_TOKEN=AQoDYXdzEJr...<remainder of security token>
   # The session key for your Amazon account. This is needed only when you are using temporary credentials.
   # The AWS_SECURITY_TOKEN environment variable can also be used, but is only supported for backward compatibility purposes.
   # AWS_SESSION_TOKEN is supported by multiple Amazon SDKs besides PHP.