CLI manager for AWS IAM access keys in Mac OS X keychain; succeeded by https://github.com/99designs/aws-vault
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
CHANGELOG.md
README.md
aws-keychain
aws-keychain-completion.bash
aws-keychain-completion.zsh

README.md

aws-keychain

Note: I recommend https://github.com/99designs/aws-vault instead, and will not be maintaining aws-keychain.

The aim of aws-keychain is to run commands that require AWS credentials without ever storing those credentials unencrypted on disk. Mac OS X's keychain is used for storage, and credentials are passed to commands via the well known environment variables that all tools look for.

aws-keychain    (c) 2014-2015 Paul Annesley    MIT license.

Store multiple AWS IAM access keys in Mac OS X keychain.
Check out one of them at a time into ~/.aws/credentials

Manage access keys in Keychain:
  aws-keychain add <name> <access_key_id> <secret_access_key>
  aws-keychain add <name> # (interactive prompt for key and secret)
  aws-keychain ls
  aws-keychain exec <name> <command ... >
  aws-keychain rm <name>

Install

Copy/symlink aws-keychain to somewhere in your path.

ln -s $(pwd)/aws-keychain /usr/local/bin

If you're using Zsh, copy/symlink aws-keychain-completion.zsh to _aws-keychain in an $fpath directory:

ln -s $(pwd)/aws-keychain-completion.zsh /usr/local/share/zsh/site-functions/_aws-keychain

If you're using Bash, source aws-keychain-completion.bash in your .bashrc or copy/symlink aws-keychain-completion.bash to your etc/bash_completion.d:

ln -s $(pwd)/aws-keychain-completion.bash /usr/local/etc/bash_completion.d/aws-keychain-completion.bash

Example

# beware shell history
$ aws-keychain add personal AKILNNK8O1KFMIZRQY1J QURSltVBG33e1qUxVhtsDw

$ aws-keychain add work
Access Key ID: AKIJA9JFOPAKMH9AJPCJ
Secret Access Key (hidden): ********

$ aws-keychain ls
personal
work

$ aws-keychain exec personal aws s3 ls
2012-08-22 13:56:43 some-bucket-name
2014-02-12 19:12:31 another-bucket

$ aws-keychain rm work
password has been deleted.

$ aws-keychain ls
personal