| Version | Supported |
|---|---|
| latest (main branch) | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability in this project, please report it privately by:
- Emailing the maintainer directly (see the GitHub profile for contact details).
- Or opening a GitHub Security Advisory.
Please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested mitigation
You can expect an acknowledgement within 48 hours and a resolution or status update within 7 days.
- Never hardcode AWS credentials in scripts or commit them to source control.
- Use AWS IAM roles with least-privilege permissions.
- Use named profiles (
aws configure --profile) or environment variables for credentials. - Use
--dry-runbefore running destructive operations in production. - Rotate AWS access keys regularly.
- Store secrets in AWS Secrets Manager or SSM Parameter Store, not in
.envfiles committed to git.