Support

There is no point in storing them as encrypted fields, because you'd either have to supply the decryption password every time you backed up your site or you'd have to store the decryption key with them, which kinda beats the purpose of encryption in the first place. However, we have two workarounds:

1. If you are interested in taking CRON backups only, you do not have to supply the S3 credentials at all in Akeeba Backup's Configuration. Instead, you can pass them as parameters to the CRON helper script (backup.php) using the -override command-line paremeter as detailed in our PDF documentation (the relevant chapter doesn't exist in the on-line documentation)

2. There's another nifty trick: creating a write-only S3 user. First create a new Amazon S3 user. Don't worry, the way we'll set it up won't incure any extra charges to your credit card. Go to your backup bucket and add this user to the bucket, giving him write-only permissions. Then go to Akeeba Backup's configuration and give this new user's login credentials in the Configuration. This is the most secure solution. The user has permission to add backup archives to the bucket but can not list the bucket's contents, download files from it or even delete any files. In other words, even if a hacker compromises your site he can't do anything with this login information. In fact, I suggest creating one such user per domain you want to back up. Since the bucket is owned by your "master user", the usage fees are charged to the master user, not the write-only user. The write-only user also doesn't own any bucket, so even if a hacker steals its login credentials he's stuck (and you can always revoke the credentials for that write-only user any time you wish). This is the method I am using on all of my sites, in order to avoid nasty surprises.

I hope that clarifies things a bit :) If you have any more questions, please post back.

You're welcome :)