pda/aws-keychain

Thank you for this tool.

statik opened this issue · 3 comments

I wanted to say thank you for making this tool. It hits a sweet spot of simplicity and solving a problem very very well. I have submitted a homebrew formula for this tool to make it easier for folks to consume it, and I wanted to let you know about that formula so that you might have it updated in the future when you publish new releases.

Homebrew/legacy-homebrew#49776

Thanks for the tool and for adding this to homebrew - I found it when I updated homebrew and decided to look at it.

I've added this to my .bash_profile and it's working beautifully with all of my awscli tasks!

```sh
# Overwrite AWScli command with aws-keychain
alias aws='aws-keychain exec work aws'
```

Source your profile:
```
source ~/.bash_profile

aws s3 ls
2016-03-21 09:10:16 testbucket
```

To expand on @ndobbs's nice alias, I do the following in zsh:

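```zsh
aws () {
  local validkey;
  # Match the first argument as a literal, whole-line entry in the alias list
  validkey=$(grep -lFx -- "${argv[1]}" ~/.aws/aws-keychain.list)
  if [[ -z $validkey ]]; then
    echo "You must pass in a valid aws keychain alias"
    echo "Take a look in ~/.aws/aws-keychain.list for valid options"
    echo "Or add your keychain via aws-keychain add"
    return 1  # non-zero status so callers can tell nothing was run
  fi
  # Run the real aws CLI under the chosen keychain alias
  aws-keychain exec $argv[1] aws ${argv:2}
}
```

pda commented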

To anybody still using aws-keychain, I suggest looking at https://github.com/99designs/aws-vault instead if you haven't already.
AFAIK there's nothing wrong with aws-keychain's encrypted-at-rest security, and it's nice and simple, but aws-vault builds on that by using session tokens, assumed roles and MFA so the permanent credentials are never exposed in the environment.
Cheers!
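
The distinction drawn in the last comment can be checked from inside the child process. The following is an added example, not code from this thread or from either project: a POSIX shell function that reads `env`-style output and reports whether it carries a long-term key or a temporary session. It assumes AWS's access key ID prefixes (AKIA for IAM user keys, ASIA for STS temporary keys); the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example: classify the AWS credentials present in env-style output.
# Assumption: AKIA... = long-term IAM user key, ASIA... = temporary STS key.

classify_aws_env() (
    # Reads NAME=value lines on stdin and prints one verdict word.
    # The body is a subshell, so key_id/token do not leak into the caller.
    key_id=""; token=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            AWS_ACCESS_KEY_ID=*) key_id=${line#*=} ;;
            AWS_SESSION_TOKEN=*) token=${line#*=} ;;
        esac
    done
    case $key_id in
        "")    echo none ;;        # no AWS key in this environment
        AKIA*) echo long-term ;;   # permanent key is visible to the child
        ASIA*) if [ -n "$token" ]; then echo temporary; else echo incomplete; fi ;;
        *)     echo unknown ;;
    esac
)

# Constructed sample: what a child process sees when long-term keys are exported.
sample_longterm_env() {
    printf '%s\n' \
        'HOME=/home/example' \
        'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE' \
        'AWS_SECRET_ACCESS_KEY=constructed-secret-value'
}

# Constructed sample: what a child process sees when it is given a session.
sample_session_env() {
    printf '%s\n' \
        'HOME=/home/example' \
        'AWS_ACCESS_KEY_ID=ASIAEXAMPLEEXAMPLE00' \
        'AWS_SECRET_ACCESS_KEY=constructed-secret-value' \
        'AWS_SESSION_TOKEN=constructed-session-token'
}

printf 'long-term sample: %s\n' "$(sample_longterm_env | classify_aws_env)"
printf 'session sample:   %s\n' "$(sample_session_env | classify_aws_env)"
```

Piping the output of `aws-keychain exec work env` (the `exec` form used in the alias above, with `env` as the command) into `classify_aws_env` shows which kind of credential the wrapper hands to the child process.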