You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When you run aws-keychain exec ... the command will be in ps, along with the token.
Got an example of that happening? I think you'll find the environment passed to the command is not exposed to unprivileged users via ps.
Why not simply put them in ~/.aws/credentials, where they should be.
Because then the secrets are stored in plaintext while at rest on disk. Keeping them encrypted in Keychain adds layer of security, if not a perfect one. If that's not enough, see https://github.com/99designs/aws-vault for a more involved take on this, including generating time-limited session credentials.
When you run
aws-keychain exec ...
the command will be inps
, along with the token.Why not simply put them in
~/.aws/credentials
, where they should be.The text was updated successfully, but these errors were encountered: