When a user successfully authenticates through our auth relayer, users receive a time-bound access token. This time-based access token is then traded for scoped credentials, which enables users to directly communicate with AWS and use their master keys for encryption and decryption. This entire process completely bypasses the Harpie backend. Both access tokens and scoped credentials are created dynamically by AWS, with audit logs, and with TTLs enabled, and are exclusively exchanged with the client. We have also removed permission to decrypt with AWS KMS, preventing any malicious internal attacks or negligence.