I have a secure and private aws ec2 environment but I need to do some backups of mongodb, postgresql, so I have a separate ec2 instance for doing backup and occasionally allow 80 and 443 to allow install/update software on backup instance.
I use shell scripts to do backup job, it requires hardcoded password or credentials in scripts, I don't feel it secure enough to have all credentials saved into one place -- backup instance.
How to secure backup instance to avoid saving passwords/credentials in plain text, I also want to avoid saving passwords/credentials in memory or temporary files?