AWS Vault
A vault for securely storing and accessing AWS credentials
... are accessed. Beyond the strong storage-at-rest, aws-vault generates short-lived session-based credentials to expose to sub-processes and it encourages you to use the tool to run other tools, rather than exporting credentials to your environment. This means that rogue node.js packages have a harder time obtaining your credentials, and when they do, are limited to the lifetime of the session.