@type s3
  aws_key_id YOUR_AWS_KEY_ID
  aws_sec_key YOUR_AWS_SECRET/KEY
  s3_bucket YOUR_S3_BUCKET_NAME
  path logs/
  <buffer>
    @type file
    path /var/log/td-agent/s3
    timekey 3600  # 1 hour
    timekey_wait 10m
    chunk_limit_size 256m
  </buffer>
  time_slice_format %Y%m%d%H
</match>```
<details>
<summary>英文:</summary>
We are sending the logs from on-prem servers to the S3 bucket by using Fluentd. The below code configuration is from my Fluentd config file. 
So wondering is there a way to mask/hide/secure our sensitive information like aws_key_id, aws_sec_key, and s3_bucket from the Fluentd config file? Please advise. Thanks! 
```&lt;match s3.*.*&gt;
  @type s3
  aws_key_id YOUR_AWS_KEY_ID
  aws_sec_key YOUR_AWS_SECRET/KEY
  s3_bucket YOUR_S3_BUCKET_NAME
  path logs/
  &lt;buffer&gt;
    @type file
    path /var/log/td-agent/s3
    timekey 3600  # 1 hour
    timekey_wait 10m
    chunk_limit_size 256m
  &lt;/buffer&gt;
  time_slice_format %Y%m%d%H
&lt;/match&gt;```
</details>
# 答案1
**得分**: 1
使用共享凭证部分来指定配置文件名称或凭证文件的路径。默认情况下，“default”是配置文件名称，路径指向“#{user.home}/.aws/credentials”。
https://github.com/fluent/fluent-plugin-s3/blob/master/docs/credentials.md
存储桶名称似乎是必需的
<match *>
  @type s3
  <shared_credentials>
    path         路径
    profile_name 配置文件名称
  </shared_credentials>
</match>
<details>
<summary>英文:</summary>
Use the shared credentials section to specify the profile name or path to the credentials file. By default &quot;default&quot; is the profile name and the path points to &quot;#{user.home}/.aws/credentials&quot;.
https://github.com/fluent/fluent-plugin-s3/blob/master/docs/credentials.md
The bucket name looks to be mandatory
    &lt;match *&gt;
      @type s3
    
      &lt;shared_credentials&gt;
        path         PATH
        profile_name PROFILE_NAME
      &lt;/shared_credentials&gt;
    &lt;/match&gt;
</details>