AWS Security ChangesHomeSearch

AWS athena documentation change

Service: athena · 2026-03-31 · Documentation medium

File: athena/latest/ug/odbc-v2-driver-jwt-tip.md

Summary

Added note about cached credentials being stored as plaintext JSON with restricted file permissions in v2.1.0.0

Security assessment

This change documents security improvements in credential caching, specifically mentioning that credentials are stored with file permissions restricted to the owning user. While this addresses security concerns about credential storage, it's documenting a feature enhancement rather than fixing a specific security issue.

Diff

diff --git a/athena/latest/ug/odbc-v2-driver-jwt-tip.md b/athena/latest/ug/odbc-v2-driver-jwt-tip.md
index 50917d544..8c5f03895 100644
--- a//athena/latest/ug/odbc-v2-driver-jwt-tip.md
+++ b//athena/latest/ug/odbc-v2-driver-jwt-tip.md
@@ -78,0 +79,4 @@ Enables a temporary credentials cache. This connection parameter allows you to c
+###### Note
+
+Starting in v2.1.0.0, cached credentials are stored as plaintext JSON in the `user-profile/.athena-odbc/` directory with file permissions restricted to the owning user, consistent with how the AWS CLI protects locally stored credentials.
+