Stores AWS Creds and can be used to spit those creds out into useful file formats for AWS CLI tools
Ruby
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bin
lib
spec
.gitignore
Gemfile
Gemfile.lock
LICENSE.txt
README.rdoc
Rakefile
aws_keychain.gemspec

README.rdoc

aws_keychain

Stores AWS Creds and can be used to spit those creds out into useful file formats for AWS CLI tools

Usage

Requires a JSON input file in the following format

{
  "cred-name": {
    "key": "AWS Access Key",
    "secret": "AWS Access Key Secret
  }
}

Each cred hash can contain additional information beyond “key” and “secret” but those two are required.

Check out aws_keychain –help for specifics

Plugins

Currently the aws_keychain includes two plugins.

IAM Plugin

The IAM plugin will output the key and secret in the format required for an IAM credential file if you're using the IAM Cli tools.

Example

aws_keychain --keychain=/path/to/my/keychain.json --action=iam-show --output=~/iamcreds --keyname=key1

The above example will create an IAM Credential file at ~/iamcreds with the AWS key and secret found in “key1” of “keychain.json”

A more practical example of why this might be useful…

for i in $(aws_keychain --keychain=keychain.json --list-keys --quiet)
do
  aws_keychain --keychain=keychain.json --quiet --keyname=$i --output=iamcredfile
  iam-accountgetsummary
  echo "----------------------------"
done

JSON Plugin

The JSON plugin will usually be used simply to view the key and secret, or to consume the JSON result with another commandline tool.

Example

aws_keychain --keychain=/path/to/my/keychain.json --action=json-show --keyname=key1

The above example will print JSON to STDOUT representing the key “key1” found in “keychain.json”. This will include all values that are part of the hash in the keychain.json file. I.E. Possibly more than just “key” and “secret”

Testing

Currently, aws_keychain is bundled with plugins (see “Plugins” above). The tests make the assumption that the json plugin is available when testing the aws_keychain binary. This may change later

TODO

  • Validation of keychain data

  • Maybe some encryption or protection?

  • Figure out a better plugin scheme which allows them to be distributed via rubygems.

Copyright

Copyright © 2012 Ryan J. Geyer. See LICENSE.txt for further details.