This command line tool provides a single place to manage credentials, a way to quickly switch between default credentials, determine which account a credential refers to, and more.
C#
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Operations
Properties
Utilities
latest-release
.gitattributes
.gitignore
App.config
Program.cs
README.md
credential-manager.csproj
credential-manager.sln
iam.ico
iam32.ico
packages.config

README.md

aws-credential-manager

This command line utility uses two ways of managing aws credentials, to assist those of us who write apps and/or use the AWS CLI with multiple sets of credentials.

Features:

  1. Keeps a list of "stored credentials" using the AWS API's ProfileManager utilities. View, add or remove from this list.
  2. Allows you to set the default credential, using a wrapper for aws configure. Default is indicated on list.
  3. "Push" any stored credential to a named credential, using a wrapper for aws configure.
  4. Whois function allows you to determine the AWS IAM user for any user.

Main menu

=== Stored Credetials ===
client1           AKIAIZZZZZZZZZZZZZZZ
anotherclient     AKIAIYYYYYYYYYYYYYYY  (default)
mm sandbox        AKIAIAAAAAAAAAAAAAAA

A: Add    stored credential
R: Remove stored credential
S: Set    default credential
P: Push   to named credential
W: Whois  IAM user associated named credential
X: Exit

Whois function

Choose credential (use arrows or type): client1
Account: client1
User:    arn:aws:iam::999999999999:user/iamuser1

Add new profile

Profile name: newprofile
Access key: AAAAAAAAAAAAAAAAAAAA
Secret key: BBBBBBBBBBBBBBBBBBBBBBB

Note on default credentials

If one of the credentials listed by the credential manager is called "default", this will be picked up by the AWS API, but NOT by the command line.

To explain, this app stores credentials in two different places:

  1. As "named credentials" - You're setting this any time you choose the default or "push to a named credential". These are plain text (don't shoot the messenger) and are at %USERPROFILE%.aws\credentials. A "default" here is seen by both the CLI and the AWS API.
  2. Using the AWS API's ProfileManager utilities - This is the main list that is displayed, and these are encrypted and stored at %LOCALAPPDATA%/AWSToolkit/RegisteredAccounts.json. If you set a "default" here, it is only seen by the AWS API, but takes priority over the other one.

The simplest solution is to keep only one default: A "named credential" which will be picked up by both the cli and the api.