Start doing security what way, exactly? I defined a threat model and a mitigation. And it's pretty straightforward - a single keypair that ties environment variables to their deployment.

The article you linked to is about signing. It doesn't solve "I need to put an AWS key into the environment of a process".