Rotate breached credentials in CircleCI #12902


matiasgarciaisaia
Member

The rest of the secrets are defined in environment variables, so we only need to update this Access Key ID here.

See https://circleci.com/blog/january-4-2023-security-alert/

@straight-shoota
Member

Perhaps we should move this to an environment variable as well?
Not sure what's the point in having the key fixed in code. It's just less flexible that way.

@matiasgarciaisaia
Member Author

matiasgarciaisaia commented Jan 5, 2023

I'm leaning towards the other end of the spectrum - have IDs clearly visible in plain text in the config, and only secrets in environment variables. That usually helps us know which credentials we need to rotate (I should have guessed which of our AWS IAM users was the owner of the access key ID - by matching just the last four characters of it), and, as a byproduct, there's a bit more traceability on when we changed what (and who, too, given I'm making a commit here).

But it's also true I don't have a strong opinion on the subject, either - and I'm open to being educated on best practices :)

@straight-shoota
Member

This is only about nightly builds, which only happen on a fixed schedule on the master branch. And it's not a huge problem if one fails because of a broken access key. So I suppose we can manage with having the key in code.

@straight-shoota straight-shoota merged commit 549f251 into crystal-lang:master Jan 5, 2023