Is it acceptable to store a customer's secret key & access key id on my server to allow me to access the AWS API on their behalf?
For a password, it is simply a matter of using a hash to store an encrypted version, but I need to use the actual key value each time I call AWS, so I cannot hash it.
In simple terms, for each authenticated user I would store an object a bit like this:
    {
      userId: [myUserId],
      secretKey: 'jHuiU-jiuhd...',
      accessKeyId: 'abcdef...',
      // etc.
    }
I could then access this each time I call AWS.
Now, I could base64-encode it and/or even encrypt it myself, but at some stage I have to decode and decrypt it to make my request, and everything I need to do this will be stored somewhere on the server.
If the data is kept on the server - never sent back to the client - and if the transport from server to AWS is done over SSL, then is this enough?
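
The trade-off raised in the question, as an added example that is not part of the original post: the secret key is encrypted before it is stored, so a copy of the data store alone does not reveal it, while the running server, which holds the master key, can still decrypt it for each AWS call. The function names, `masterKey`, the extra stored fields (`iv`, `tag`, `secretKeyEnc`) and the sample values are assumptions made for illustration.

```javascript
// Added example. userId / accessKeyId / secretKey follow the object in the
// question; every other name here is hypothetical.
const crypto = require("node:crypto");

// Encrypt the secret key with AES-256-GCM before it is written to storage.
// userId and accessKeyId are bound in as associated data, so a ciphertext
// copied onto another user's row fails authentication instead of decrypting.
function sealCredentials({ userId, accessKeyId, secretKey }, masterKey) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every record
  const cipher = crypto.createCipheriv("aes-256-gcm", masterKey, iv);
  cipher.setAAD(Buffer.from(JSON.stringify([userId, accessKeyId]), "utf8"));
  const ct = Buffer.concat([cipher.update(secretKey, "utf8"), cipher.final()]);
  return {
    userId,
    accessKeyId,
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    secretKeyEnc: ct.toString("base64"),
  };
}

// Decrypt only at the moment an AWS request is built. Throws if the master
// key is wrong or any stored field was modified.
function openSecretKey(row, masterKey) {
  const iv = Buffer.from(row.iv, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", masterKey, iv);
  decipher.setAAD(Buffer.from(JSON.stringify([row.userId, row.accessKeyId]), "utf8"));
  decipher.setAuthTag(Buffer.from(row.tag, "base64"));
  return Buffer.concat([
    decipher.update(Buffer.from(row.secretKeyEnc, "base64")),
    decipher.final(),
  ]).toString("utf8");
}

// Constructed sample values. Assumption: in a deployment the 32-byte master
// key is supplied from outside the data store (environment, key service).
const masterKey = crypto.randomBytes(32);
const sampleRow = sealCredentials(
  { userId: 42, accessKeyId: "AKIA-CONSTRUCTED-EXAMPLE", secretKey: "constructed-secret-value" },
  masterKey
);
```

This protects a leaked database or backup, not a compromised server process: anything that can read both the row and the master key can recover the secret, which is the limitation the question points out.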