"Passing a single string to Aws::ProcessCredentials.new is insecure" now appearing when using credential_process option in an aws config

Question

"Passing a single string to Aws::ProcessCredentials.new is insecure" now appearing when using credential_process option in an aws config

Closed this issue 6 months ago · 4 comments

Describe the bug

After upgrading to the most recent version of aws-sdk-core, I started receiving the following warning:
Passing a single string to Aws::ProcessCredentials.new is insecure, please use use an array of system arguments instead

This appears to happen because I have the "credential_process" option set in my aws config file like so:

[profile my-account]
role_arn = << role_arn >>
source_profile = << profile >>
region= << region >>

[profile my-account-creds]
credential_process = aws-vault export --format=json my-account
region=us-east-2

Then in ruby I try to use the profile:

require 'aws-sdk-core'
require 'aws-sdk-s3'
Aws.config.update(profile: 'my-account-creds')
Aws::S3::Client.new
Passing a single string to Aws::ProcessCredentials.new is insecure, please use use an array of system arguments instead
=> #<Aws::S3::Client>

It seems like this warning was adding recently in #3048

Is there a proper way to set credential_process in the aws config file to avoid this warning? I couldn't find any example of it taking an array.

Expected Behavior

Not receive a warning.

Current Behavior

A warning appears: Passing a single string to Aws::ProcessCredentials.new is insecure, please use use an array of system arguments instead

Reproduction Steps

See the bug description.

Possible Solution

No response

Additional Information/Context

No response

Gem name ('aws-sdk', 'aws-sdk-resources' or service gems like 'aws-sdk-s3') and its version

aws-sdk-core 3.201.0

Environment details (Version of Ruby, OS environment)

Ruby 3.3.1 OSX

Answer 1 · 2024-07-03T17:23:17.000Z

There is no way to satisfy this from the profile case, this was a mistake from my part. I have an idea for a fix. For now, you can ignore the warning.

Answer 2 · 2024-07-03T19:53:43.000Z

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Answer 3 · 2024-07-03T19:54:26.000Z

This should be fixed on the next release, likely next week given the holidays.

Answer 4 · 2024-07-03T19:55:16.000Z

awesome, thank you!!