Storing AWS CLI credentials in macOS keychain

Scripts here assume that the following environment variables are correctly assigned in your .zshrc/.bashrc:

AWS_ACCOUNT_ID

AWS_IAM_USERNAME

Create AWS access key and run the script below.

# The spaces in front are to prevent storing secrets in terminal history
  AWS_ACCESS_KEY_ID=XXX
  AWS_SECRET_ACCESS_KEY=YYY

AWS_USER_ARN="arn:aws:iam::$AWS_ACCOUNT_ID:user/$AWS_IAM_USERNAME"
AWS_CREDENTIALS="{\"Version\":1,\"AccessKeyId\":\"$AWS_ACCESS_KEY_ID\",\"SecretAccessKey\":\"$AWS_SECRET_ACCESS_KEY\"}"

security add-generic-password -l "$AWS_USER_ARN" -a "$AWS_USER_ARN" -s "$AWS_USER_ARN" -w "$AWS_CREDENTIALS"

Using short-lived tokens with AWS CLI

Configure MFA with your AWS account.
Run ~/.aws/login.sh and enter your one-time password from MFA. If all is Ok it will generate a short-lived auth token and store it in the keychain for later use by AWS CLI.

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
.gitignore		.gitignore
config		config
credentials		credentials
get-1fa-credentials.sh		get-1fa-credentials.sh
get-2fa-credentials.sh		get-2fa-credentials.sh
lib.sh		lib.sh
login.sh		login.sh
readme.md		readme.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Storing AWS CLI credentials in macOS keychain

Using short-lived tokens with AWS CLI

About

Releases

Packages

Languages

0x416e746f6e/.aws

Folders and files

Latest commit

History

Repository files navigation

Storing AWS CLI credentials in macOS keychain

Using short-lived tokens with AWS CLI

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages