benjreinhart / react-native-aws3

Pure JavaScript React Native library for uploading to AWS S3
MIT License

Google play - Leaked AWS credentials #92

Open kamiranoff opened 4 years ago

kamiranoff commented 4 years ago

We are submitting our app to Google Play and we got this message from Google Play saying:

Your app(s) expose Amazon Web Services credentials.

This is how we are using the library:

import Config from 'react-native-config';
import { RNS3 } from 'react-native-aws3';

const savePhotoToS3 = (source: { uri: string }, index: number, userId: number) => {
  const { uri } = source;
  const fileType = uri.substr(uri.lastIndexOf('.') + 1);
  const file = {
    uri: source.uri,
    name: `image${index}-${userId}.${fileType}?${Date.now()}`,
    type: `image/${fileType}`,
  };
  const options = {
    bucket: Config.S3BUCKETNEW,
    region: Config.S3REGION,
    accessKey: Config.S3ACCESSKEYNEW,
    secretKey: Config.SECRETACCESSKEY,
    successActionStatus: 201,
  };
  return RNS3.put(file, options);
};

Are we using the library in the wrong way?

aroraenterprise commented 4 years ago

The problem with this library is security. You shouldn't be putting any secret keys in apps; it should all be on your server. This library can leak your credentials. Instead you should have a presigned URL generated on your server, which you should be able to pass to this package to upload your file. This is a feature I am looking to implement... if the author can provide feedback on this, it would be fantastic.