diff --git a/website/source/docs/builders/amazon-chroot.html.markdown b/website/source/docs/builders/amazon-chroot.html.markdown
index 3ea0e456c..a1ef7a0ae 100644
--- a/website/source/docs/builders/amazon-chroot.html.markdown
+++ b/website/source/docs/builders/amazon-chroot.html.markdown
@@ -210,40 +210,3 @@ prevent packages installed by your provisioners from starting services:
   ]
 }
 </pre>
-
-## Using an IAM Instance Profile
-
-If AWS keys are not specified in the template or through environment variables
-Packer will use credentials provided by the instance's IAM profile, if it has one.
-
-The following policy document provides the minimal set permissions necessary for Packer to work:
-
-<pre class="prettyprint">
-{
-  "Statement": [{
-      "Effect": "Allow",
-      "Action" : [
-        "ec2:AttachVolume",
-        "ec2:CreateVolume",
-        "ec2:DeleteVolume",
-        "ec2:DescribeVolumes",
-        "ec2:DetachVolume",
-
-        "ec2:DescribeInstances",
-
-        "ec2:CreateSnapshot",
-        "ec2:DeleteSnapshot",
-        "ec2:DescribeSnapshots",
-
-        "ec2:DescribeImages",
-        "ec2:RegisterImage",
-
-        "ec2:CreateTags"
-      ],
-      "Resource" : "*"
-  }]
-}
-</pre>
-
-Depending on what setting you use the following Actions might have to be allowed as well:
-* `ec2:ModifyImageAttribute` when using `ami_description`
diff --git a/website/source/docs/builders/amazon.html.markdown b/website/source/docs/builders/amazon.html.markdown
index 604f2489a..e4e15f886 100644
--- a/website/source/docs/builders/amazon.html.markdown
+++ b/website/source/docs/builders/amazon.html.markdown
@@ -30,3 +30,40 @@ AMI. Packer supports the following builders at the moment:
 <a href="/docs/builders/amazon-ebs.html">amazon-ebs builder</a>. It is
 much easier to use and Amazon generally recommends EBS-backed images nowadays.
 </div>
+
+## Using an IAM Instance Profile
+
+If AWS keys are not specified in the template or through environment variables
+Packer will use credentials provided by the instance's IAM profile, if it has one.
+
+The following policy document provides the minimal set permissions necessary for Packer to work:
+
+<pre class="prettyprint">
+{
+  "Statement": [{
+      "Effect": "Allow",
+      "Action" : [
+        "ec2:AttachVolume",
+        "ec2:CreateVolume",
+        "ec2:DeleteVolume",
+        "ec2:DescribeVolumes",
+        "ec2:DetachVolume",
+
+        "ec2:DescribeInstances",
+
+        "ec2:CreateSnapshot",
+        "ec2:DeleteSnapshot",
+        "ec2:DescribeSnapshots",
+
+        "ec2:DescribeImages",
+        "ec2:RegisterImage",
+
+        "ec2:CreateTags"
+      ],
+      "Resource" : "*"
+  }]
+}
+</pre>
+
+Depending on what setting you use the following Actions might have to be allowed as well:
+* `ec2:ModifyImageAttribute` when using `ami_description`
diff --git a/website/source/intro/getting-started/build-image.html.markdown b/website/source/intro/getting-started/build-image.html.markdown
index 7e91de208..e37f56664 100644
--- a/website/source/intro/getting-started/build-image.html.markdown
+++ b/website/source/intro/getting-started/build-image.html.markdown
@@ -46,10 +46,14 @@ briefly. Create a file `example.json` and fill it with the following contents:
 
 <pre class="prettyprint">
 {
+  "variables": {
+    "aws_access_key": "",
+    "aws_secret_key": ""
+  },
   "builders": [{
     "type": "amazon-ebs",
-    "access_key": "YOUR KEY HERE",
-    "secret_key": "YOUR SECRET KEY HERE",
+    "access_key": "{{user `aws_access_key`}}",
+    "secret_key": "{{user `aws_secret_key`}}",
     "region": "us-east-1",
     "source_ami": "ami-de0d9eb7",
     "instance_type": "t1.micro",
@@ -59,9 +63,11 @@ briefly. Create a file `example.json` and fill it with the following contents:
 }
 </pre>
 
-Please fill in the `access_key` and `secret_key` with the proper values
-for your account. Your security credentials can be found on
-[this page](https://console.aws.amazon.com/iam/home?#security_credential).
+When building, you'll pass in the `aws_access_key` and `aws_access_key` as
+a [user variable](/docs/templates/user-variables.html), keeping your secret
+keys out of the template. You can create security credentials
+on [this page](https://console.aws.amazon.com/iam/home?#security_credential).
+An example IAM policy document can be found in the [Amazon EC2 builder docs](/docs/builders/amazon.html).
 
 This is a basic template that is ready-to-go. It should be immediately recognizable
 as a normal, basic JSON object. Within the object, the `builders` section
@@ -106,7 +112,10 @@ should look similar to below. Note that this process typically takes a
 few minutes.
 
 ```
-$ packer build example.json
+$ packer build \
+    -var 'aws_access_key=YOUR ACCESS KEY' \
+    -var 'aws_secret_key=YOUR SECRET KEY' \
+    example.json
 ==> amazon-ebs: amazon-ebs output will be in this color.
 
 ==> amazon-ebs: Creating temporary keypair for this instance...
diff --git a/website/source/intro/getting-started/parallel-builds.html.markdown b/website/source/intro/getting-started/parallel-builds.html.markdown
index 2a5b422f8..e51311214 100644
--- a/website/source/intro/getting-started/parallel-builds.html.markdown
+++ b/website/source/intro/getting-started/parallel-builds.html.markdown
@@ -63,13 +63,23 @@ array.
 <pre class="prettyprint">
 {
   "type": "digitalocean",
-  "api_key": "INSERT API KEY HERE",
-  "client_id": "INSERT CLIENT ID HERE"
+  "api_key": "{{user `do_api_key`}}",
+  "client_id": "{{user `do_client_id`}}"
 }
 </pre>
 
-Fill in your `api_key` and `client_id` for DigitalOcean as necessary.
-The entire template should now [look like this](https://gist.github.com/mitchellh/51a447e38e7e496eb29c).
+You'll also need to modify the `variables` section of the template
+to include the access keys for DigitalOcean.
+
+<pre class="prettyprint">
+"variables": {
+  ...
+  "do_api_key": "",
+  "do_client_id": ""
+}
+</pre>
+
+The entire template should now [look like this](https://gist.github.com/pearkes/cc5f8505eee5403a43a6).
 
 Additional builders are simply added to the `builders` array in the template.
 This tells Packer to build multiple images. The builder `type` values don't
@@ -87,13 +97,18 @@ manual that contains a listing of all the available configuration options.
 
 ## Build
 
-Now run `packer build example.json`. The output is too verbose to include
+Now run `packer build` with your user variables. The output is too verbose to include
 all of it, but a portion of it is reproduced below. Note that the ordering
 and wording of the lines may be slightly different, but the effect is the
 same.
 
 ```
-$ packer build example.json
+$ packer build \
+    -var 'aws_access_key=YOUR ACCESS KEY' \
+    -var 'aws_secret_key=YOUR SECRET KEY' \
+    -var 'do_api_key=YOUR API KEY' \
+    -var 'do_client_id=YOUR CLIENT ID' \
+    example.json
 ==> amazon-ebs: amazon-ebs output will be in this color.
 ==> digitalocean: digitalocean output will be in this color.
 
diff --git a/website/source/intro/getting-started/provision.html.markdown b/website/source/intro/getting-started/provision.html.markdown
index fa6016744..4276ae089 100644
--- a/website/source/intro/getting-started/provision.html.markdown
+++ b/website/source/intro/getting-started/provision.html.markdown
@@ -37,6 +37,7 @@ block below.
 
 <pre class="prettyprint">
 {
+  "variables": [...],
   "builders": [...],
 
   "provisioners": [{