
How do I generate VAPID keys for a Node.js service deployed on AWS? Can locally generated VAPID keys be used in production?

Hey there! Let's break down your questions clearly—this is all manageable, especially with your DevOps teammate helping out.

1. Generating VAPID Keys for Your AWS-Deployed Node.js App

You’ve got a few solid, straightforward options here that your DevOps can execute easily:

  • Option 1: Generate directly on your AWS server (e.g., EC2 instance)
    If your app runs on an EC2 instance, your DevOps can SSH into the server, install the web-push package globally, and run the exact same commands you used locally:

    npm install web-push -g
    web-push generate-vapid-keys --json
    

    Once generated, they should store these keys as environment variables (never hardcode them in your app!)—AWS offers secure tools like Parameter Store or Secrets Manager for this, or they can set them directly in your EC2 instance’s environment config or deployment tooling (like Elastic Beanstalk’s environment properties if you’re using that).

  • Option 2: Use AWS CloudShell
    CloudShell is a browser-based shell in the AWS Console that usually comes with Node.js pre-installed. Your DevOps can open CloudShell, run the web-push commands to generate keys, then save them to AWS Secrets Manager or Parameter Store for your app to access. This skips needing to install anything on a dedicated server.

  • Option 3: Reuse your locally generated keys (see question 2 below) and share securely
    If you already have valid keys from your local setup, you can share them with your DevOps via a secure method (encrypted messaging, AWS Secrets Manager) to configure in the production environment. No need to generate new ones unless you prefer to.

2. Can Locally Generated VAPID Keys Work in Production (Even After Turning Off Your Local Machine)?

Absolutely! VAPID keys are just a pair of cryptographic public/private keys that exist independently of the machine they were generated on. Your local computer was only the tool to create them—once you have the keys, you can use them anywhere, even if you shut down your local machine forever.

The only critical rules to follow:

  • Keep your private VAPID key locked down—never commit it to version control, and only share it via secure channels. If it leaks, attackers could send push notifications pretending to be your app.
  • Make sure your production app pulls these keys from environment variables (not hardcoded) so it can sign push notification requests correctly.

The question is sourced from Stack Exchange; asked by Go Fudge YourSelves.
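
An added example, not part of the original answer or of the web-push project: a Node.js startup check that reads the key pair from environment variables and confirms the public key is the one derived from the private key, which is the property that lets the pair work on any machine. The variable names VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and all function names are assumptions, and the sample pair is constructed for illustration.

```javascript
const { createECDH } = require('node:crypto');

// Assumed variable names; use whatever your deployment injects from
// Secrets Manager or Parameter Store.
const PUBLIC_VAR = 'VAPID_PUBLIC_KEY';
const PRIVATE_VAR = 'VAPID_PRIVATE_KEY';

// Returns a list of problems; an empty list means the pair is usable.
function checkVapidKeys(publicKey, privateKey) {
  if (!publicKey || !privateKey) return ['key missing from environment'];
  const urlSafe = /^[A-Za-z0-9_-]+$/;
  if (!urlSafe.test(publicKey) || !urlSafe.test(privateKey)) {
    return ['keys must be URL-safe base64 without padding'];
  }
  const pub = Buffer.from(publicKey, 'base64url');
  const priv = Buffer.from(privateKey, 'base64url');
  const problems = [];
  // A VAPID public key is an uncompressed P-256 point: 0x04 || X || Y.
  if (pub.length !== 65 || pub[0] !== 0x04) problems.push('public key is not a 65-byte P-256 point');
  if (priv.length !== 32) problems.push('private key is not 32 bytes');
  if (problems.length > 0) return problems;
  try {
    // Recompute the public point from the private scalar and compare.
    const ecdh = createECDH('prime256v1');
    ecdh.setPrivateKey(priv);
    if (!ecdh.getPublicKey().equals(pub)) problems.push('public and private key do not match');
  } catch {
    problems.push('private key is not valid for P-256');
  }
  return problems;
}

// Call once at startup so a bad deployment fails before serving traffic.
// The error text never includes key material.
function loadVapidKeys(env = process.env) {
  const publicKey = env[PUBLIC_VAR];
  const privateKey = env[PRIVATE_VAR];
  const problems = checkVapidKeys(publicKey, privateKey);
  if (problems.length > 0) throw new Error('VAPID config: ' + problems.join('; '));
  return { publicKey, privateKey };
}

// Constructed sample pair from a fixed scalar (illustration only, never deploy).
function samplePair(fillByte) {
  const ecdh = createECDH('prime256v1');
  ecdh.setPrivateKey(Buffer.alloc(32, fillByte));
  return { publicKey: ecdh.getPublicKey().toString('base64url'),
           privateKey: ecdh.getPrivateKey().toString('base64url') };
}
```

A mismatch reported here usually means the public and private values were copied from two different generation runs.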
