...
When using key modules as shown above, any key rulesets available on a URL should be protected so that they are not publicly viewable. For example, the ruleset could be on a WebDAV server with an appropriately formatted BASIC AUTH URL or in a private GitHub repositoryprivate repository.
If you're hosting on AWS S3, be sure to check the permissions of the file so that it is not writable or readable by anyone other than authorized users. You will need to create a pre-signed AWS URL. There are ways of doing this with various programming languages. I've found this project for signing AWS URLs with a Bash script to be quite useful.
...