Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The documentation instructs users to set long-lived AWS credentials directly as environment variables but does not include any warning about secure handling, least privilege, rotation, or avoiding committing secrets to shell history and source files. While environment variables are a common mechanism, presenting them without safety guidance can lead users to expose privileged AWS keys in insecure local setups, CI logs, or shared environments.
