I have provided the debug output using aws-vault --debug (redacted if necessary)
I checked #686 and I already had $GPG_TTY=$(tty) set and exported so not the same issue. Now my primary GPG key is stored in a Trezor model-T and am prompted on it when I need to decrypt a file in my password-store. This works well when not using aws-vault because my password-store was initialised with my TREZOR-based GPG identity.
However, you can see from the aws-vault command output above it is not working when aws-vault is in the loop. What is the significance of the --prompt flag? I understand from #1185 one use is to be able to set this to "pass". Could the removal of this option be why I don't get prompted on my hardware-based token?
I don't think the mfa_process option will work as I'm not using pass to generate an OTP. I have MFA access set up on my two profiles and am using a software-based MFA device. If I include the mfa_serial identifier in my profile I get prompted to enter the OTP but it still doesn't work.
Any ideas? Thanks for your time.
gpg: XXXXXXXXXXXXXXXXXXXXXXXXX: skipped: No public ke
gpg: [stdin]: encryption failed: No public key
Password encryption aborted.
aws-vault: error: exec: Failed to get credentials for dil-icompass-dev: exit status 1
Despite what I stated above I think this is somehow related to #686. I think aws-vault creates a subshell (for some or all of its subcommands?) where for whatever reason the setting of GPG_TTY is not inherited and so returns "not a tty".
Yes, v7.2.0 installed via asdf
..aws/config (redacted if necessary)
AWS_CONFIG_FILE="${XDG_CONFIG_HOME}/aws/config"
I also have the following environment variables set:
My profile credentials are stored in