Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

aws-env Build Status

A simple shell utility for exporting a given AWS credentials profile to environment variables. Useful for crossing machine boundaries with SSH and Vagrant.


Shamelessly ripped from aws-env -h:

usage: aws-env [-h] [-n] [-l] [profile]

Extract AWS credentials for a given profile as environment variables.

positional arguments:
  profile          The profile in ~/.aws/credentials or ~/.aws/credentials.d/
                   to extract credentials for. Defaults to 'default'.

optional arguments:
  -h, --help       show this help message and exit
  -n, --no-export  Do not use export on the variables.
  -l, --ls         List available profiles.

aws-env looks first at ~/.aws/credentials and then at all files in ~/.aws/credentials.d/ if found and merges all of them together in a dictionary of profiles. ~/.aws/credentials is loaded first and everything loaded from ~/.aws/credentials.d/ are loaded in alphabetically sorted order and merged in. (See [Encrypted Credential Files](#Encrypted Credential Files) for instructions on using encrypted credential files.)

If you have a profile named brangus, you can extract environment variables like so:

$ aws-env brangus
export AWS_ACCESS_KEY_ID=...

As a shortcut, you can directly source the output of this command to export the variables into your shell session:

$ $(aws-env brangus)

This will cause your shell to execute the output of aws-env, exporting these environment variables.

WARNING: This is potentially very dangerous if you don't trust the script you're executing, so use with care and establish trust. All commits and releases here are PGP signed with my key, so if you know me and trust me, you should be able to use this, but as always, read the source code and check it before you blindly pipe code into your shell session.

Encrypted Credential Files

aws-env now supports encrypted credential files! Stash files ending in .asc, .gpg, or .pgp in ~/.aws/credentials.d/ and aws-env will attempt to decrypt these files using GnuPG. gpg2 is preferred but gpg will be used as a backup option.

aws-env will decrypt files directly into memory. File format should be the same as ~/.aws/credentials. Here's a sample tree output detailing the directory layout:

├── config
├── credentials
└── credentials.d
    └── naftulikay.asc

1 directory, 3 files


There already exists an awsenv package on PyPI, so this is not published to PyPI. I have a personal frustration with PyPI in a number of respects, so this module is best installed via pip directly.

Please visit the releases page for a listing of releases and tag names, and use those to install a given version of the software. Release 1.0.0 is going to have a tag named v1.0.0, etc.

User Install

To install aws-env as an ordinary user:

pip install --user git+
System Install

To install aws-env system-wide:

sudo pip install git+


This project uses buildout to manage the project. Simply put, to get started you can use a virtualenv if you'd like, then install the requirements:

$ pip install --user -r requirments.txt

Next, build the project:

$ buildout

You should now have all dependencies and some scripts in bin/ such as bin/test, bin/python, bin/ipython, and bin/aws-env. Buildout is rad.


Read the file called LICENSE, but it's basically MIT. If you want or need a dual-license for some reason that I have yet to understand, please ask and I can dual-license it as appropriate.


A utility script for exporting an AWS profile as environment variables.







No packages published