awsenv is intended as a local credential store for people using more than one AWS account at the same time
Go Shell Makefile
Latest commit dfbdfa4 Oct 21, 2016 @Luzifer prepare release v0.11.1
Permalink
Failed to load latest commit information.
Godeps Migrated to go1.6 vendoring Apr 17, 2016
credentials Drop "awsenv-" prefix in username Sep 13, 2016
security Added auto-timeout for LockAgent Apr 14, 2016
shellsupport Fix: Region variable was broken Feb 3, 2016
vendor Migrated to go1.6 vendoring Apr 17, 2016
.gitignore Added Godeps May 23, 2015
.repo-runner.yaml Build and push to Github releases Oct 21, 2016
History.md prepare release v0.11.1 Oct 21, 2016
LICENSE Added license file May 25, 2015
Makefile Build and push to Github releases Oct 21, 2016
README.md Build and push to Github releases Oct 21, 2016
cmdAdd.go Fix: Description for AWS region contained variable name Aug 17, 2015
cmdChangePassword.go Added `awsenv passwd` command to change password Apr 14, 2016
cmdConsole.go Moved to spf13/cobra as CLI framework May 28, 2015
cmdDelete.go Moved to spf13/cobra as CLI framework May 28, 2015
cmdGet.go Moved to spf13/cobra as CLI framework May 28, 2015
cmdList.go Moved to spf13/cobra as CLI framework May 28, 2015
cmdLock.go Moved to spf13/cobra as CLI framework May 28, 2015
cmdPrompt.go Added command "prompt" Jun 23, 2015
cmdRun.go Added `run` command Feb 15, 2016
cmdShell.go Moved to spf13/cobra as CLI framework May 28, 2015
cmdUnlock.go Added auto-timeout for LockAgent Apr 14, 2016
cmdVersion.go Updated README, executed `go fmt` Feb 15, 2016
config.go Added auto-timeout for LockAgent Apr 14, 2016
lockagent.go Fix: Ensure directories for token-file are created May 2, 2016
main.go Remove hardcoded version from source Oct 21, 2016
publish.sh Build and push to Github releases Oct 21, 2016
security.md Refreshed documentation May 21, 2015

README.md

Luzifer / awsenv

awsenv is intended as a local credential store for people using more than one AWS account at the same time.

For security considerations about this software please refer to the security.md file in this repository.

Features

  • Secure storage of credentials (AES256)
  • No more access when credential store is "locked"
  • Export credentials for your shells eval function
  • Amazon STS support to open the web-console without login-hazzle

Installation

Using Homebrew

  1. Add my tap to Homebrew:
    brew tap Luzifer/tools
  2. Install awsenv:
    brew install awsenv

From source

go get -u github.com/Luzifer/awsenv

From binary

  1. Go to the releases page
  2. Download the binary for your system and put into your $PATH

Supported shells

  • bash / zsh
    • Put this function into your ~/.bashrc / ~/.zshrc and you can access your environments using set_aws <name>
function set_aws {
  eval $(awsenv shell $1)
}
function login_aws {
  open $(awsenv console $1)
}
  • fish
    • Put this function into ~/.config/fish/functions/set_aws.fish and you can access your environments using set_aws <name>
function set_aws --description 'Set the AWS environment variables' --argument AWS_ENV
    eval (awsenv shell $AWS_ENV)
end
function login_aws --description 'Open browser with AWS console' --argument AWS_ENV
    open (awsenv console $AWS_ENV)
end

Sample workthrough

Installation

$ wget -q https://gobuilder.me/get/github.com/Luzifer/awsenv/awsenv_master_linux-amd64.zip
$ unzip awsenv_master_linux-amd64.zip
Archive:  awsenv_master_linux-amd64.zip
   creating: awsenv/
  inflating: awsenv/awsenv
$ sudo mv awsenv/awsenv /usr/local/bin/

Adding an environment and using it

# We can not list because the credentials are locked
$ awsenv list
ERRO[0000] No password is available. Use 'unlock' or provide --password.

# Unlock the credentials (now the password is set for later)
$ awsenv unlock
Password: demo

# We can now list without errors but have no environments
$ awsenv list

# Lets add an environment
$ awsenv add --region eu-west-1 demoenv
AWS Access-Key: myaccesskey
AWS Secret-Access-Key: mysecretkey
INFO[0010] Credential 'demoenv' has been created

# Now we can list the environment we just created
$ awsenv list
demoenv

# With the get command we can display the information
$ awsenv get demoenv
Credentials for the 'demoenv' environment:
 AWS Access-Key:        myaccesskey
 AWS Secret-Access-Key: mysecretkey
 AWS EC2-Region:        eu-west-1

# The lock command will secure the credentials again
$ awsenv lock
$ awsenv get demoenv
ERRO[0000] No password is available. Use 'unlock' or provide --password.

# We need to unlock it with the same credentials
$ awsenv unlock
Password: demo
$ awsenv get demoenv
Credentials for the 'demoenv' environment:
 AWS Access-Key:        myaccesskey
 AWS Secret-Access-Key: mysecretkey
 AWS EC2-Region:        eu-west-1

# We're currently working in a bash without AWS ENV vars
$ env | grep AWS

# But we can load them using the set_aws function
$ set_aws demoenv
$ env | grep AWS
AWS_SECRET_ACCESS_KEY=mysecretkey
AWS_ACCESS_KEY_ID=myaccesskey
AWS_ACCESS_KEY=myaccesskey
AWS_SECRET_KEY=mysecretkey

# Now the prompt command can tell you which env is set
$ awsenv prompt
demoenv

# You also can run commands with AWS crentials directly
$ awsenv run demoenv -- env | grep AWS
AWS_ACCESS_KEY_ID=myaccesskey
AWS_SECRET_ACCESS_KEY=mysecretkey
AWS_ACCESS_KEY=myaccesskey
AWS_SECRET_KEY=mysecretkey
AWS_REGION=us-east-1
AWS_DEFAULT_REGION=us-east-1

# Lets try to unlock with a wrong password
$ awsenv lock
$ awsenv unlock
Password: fooo

# The database is now not readable for us
$ awsenv l
ERRO[0000] Unable to read credential database

# As soon as we unlock with the right password it works again
$ awsenv unlock
Password: demo
$ awsenv l
demoenv