Is there any way to use AWS textract API without giving access to secret key in code?

Question

I'm working on a project in which I have to use extract API, which gives the best result as compared to other API.

To use API, I use my account API credentials. , E.g.,, I implement an image text recognition function in my desktop app. Which uses python as backend( for request and processing) and PYQT5 for frontend( to get the desired file from a user ) so to use "AWS Textract" I set up my "Acess key" and "Secret Acess key" as an environment variable for convenience if I want to export that project to another system.

I have to provide my access keys and secret access key to work accurately. That I don't want to share. How I manage to use AWS Textract in Desktop application without giving sensitive information to the user in my source code of application ( which can be very harmful to me as AWS provide a limited number of runs of Textract for Trial users )

If the user got their hands on the Access key and Secret Access key, they might use it to create bulk requests. Which was not the goal of application to use it.

Help needed and modifications are also accepted in the idea.

Answer 1

Three possible ways:

1. Use Temporary Security Credentials. This requires that your app has a server component, which will create time-limited credentials with presumably very restricted permissions for the desktop app on demand. This way your root credentials are never exposed.

2. Your server acts as a proxy for the entire operation, meaning that it accepts a data upload, runs it through Textract and returns the result. This way no AWS credentials are ever exposed to the client, but the processing requirements for the server are much higher obviously.

3. You require the user of your app to register their own AWS account and generate their own credentials, ridding you of any responsibility. Alternatively you can create specific limited users on your own account if that makes sense for your use case.