AWS Keymaster

A simple utility that allows you to import a public key into all AWS regions with a single command.

Use the Makefile to build aws-keymaster:

make build

To build a docker container:

docker build -t aws-keymaster .


Before running aws-keymaster, you need to ensure that you have configured access to your AWS account. You can do so by using the AWS CLI to configure your development machine. Alternatively, you can configure credentials by creating a file called ~/.aws/credentials with contents that look something like this:

[default]
aws_access_key_id = AKID1234567890
aws_secret_access_key = MY-SECRET-KEY

Or, you can use environment variables to configure your credentials.


Amazon has a blog post with more information about how to configure your AWS credentials.

The credentials you use must be associated with an IAM user that has sufficient permissions to import keypairs in all regions.


  aws-keymaster [command]

Available Commands:
  import      Imports a public key into all AWS regions
  delete      Deletes a keypair from all AWS regions
  version     Display the version of aws-keymaster

      --dry-run[=false]: Checks whether you have the required permissions, without attempting the request
  -h, --help[=false]: help for aws-keymaster

Use "aws-keymaster [command] --help" for more information about a command.

Import a public key into all regions

Imports a public key with the specified name and public key to all AWS regions

  aws-keymaster import [name] [public key file] [flags]

Global Flags:
      --dry-run[=false]: Checks whether you have the required permissions, without attempting the request

To import a public key to all regions, you use the import command. It requires two arguments: the name of the key pair and the path to the public key on your file system.

./bin/aws-keymaster import mykey ~/.ssh/
eu-west-1:       Imported keypair 'mykey' - 57:bf:37:68:69:18:29:aa:4d:da:f7:1b:e6:28:4e:e8
ap-southeast-1:  Imported keypair 'mykey' - 57:bf:37:68:69:18:29:aa:4d:da:f7:1b:e6:28:4e:e8

If you do not pass in those arguments, aws-keymaster will prompt you for them.

./bin/aws-keymaster import
Key Name: mypubkey
Public key [/Users/ryan/.ssh/]:

eu-west-1:       Imported keypair 'mypubkey' - 57:bf:37:68:69:18:29:aa:4d:da:f7:1b:e6:28:4e:e8
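To confirm that the key stored in each region is the one you meant to upload, you can recompute the fingerprint locally and compare it with the value printed after each region name. The Python below is an added example, not part of aws-keymaster: it assumes that value is the fingerprint EC2 reports for an imported RSA key (the MD5 digest of the DER-encoded public key), and the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _der(tag, body):
    """Encode one DER TLV; bodies of 128+ bytes use the long length form."""
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def _der_int(value):
    # bit_length() // 8 + 1 bytes is the minimal width that keeps the sign bit clear
    return _der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _ssh_fields(blob):
    """Split an SSH wire blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if end > len(blob):
            raise ValueError("truncated SSH key blob")
        fields.append(blob[pos + 4:end])
        pos = end
    return fields

def rsa_spki_der(pubkey_line):
    """Convert an OpenSSH 'ssh-rsa AAAA... comment' line to DER SubjectPublicKeyInfo."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("only ssh-rsa public keys are handled here")
    fields = _ssh_fields(base64.b64decode(parts[1]))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa key blob")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])
    rsa_public_key = _der(0x30, _der_int(n) + _der_int(e))
    return _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_public_key))

def ec2_import_fingerprint(pubkey_line):
    """MD5 of the DER public key, formatted as colon-separated hex pairs."""
    digest = hashlib.md5(rsa_spki_der(pubkey_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def constructed_sample_line():
    """Build a 2048-bit-sized ssh-rsa line from made-up numbers (not a real key)."""
    n = (1 << 2047) | 0x1234567
    parts = (b"ssh-rsa", (65537).to_bytes(3, "big"), n.to_bytes(257, "big"))
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Pass the contents of your own public key file to `ec2_import_fingerprint` and compare the result with the value shown for each region; a mismatch means the key stored under that name is not the one on disk.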

Delete a named keypair from all regions

Deletes a keypair with the specified name from all AWS regions

  aws-keymaster delete [name] [flags]

  -f, --force[=false]: Delete keypairs without prompting

Global Flags:
      --dry-run[=false]: Checks whether you have the required permissions, without attempting the request

To delete a keypair called keypairname from all regions, you can use the delete subcommand:

./bin/aws-keymaster delete keypairname
Are you sure you want to delete keypair 'testing'? (yes/no) [no]: yes
eu-west-1:       Deleted keypair 'keypairname'
ap-southeast-1:  Deleted keypair 'keypairname'

You can delete a keypair without prompting by using the --force flag:

./bin/aws-keymaster delete keypairname --force

Dry Runs

For both the import and delete commands, you can use the --dry-run flag to confirm that your AWS credentials have sufficient permissions to perform the operations:

./bin/aws-keymaster import mykey ~/.ssh/ --dry-run
[Dry Run] eu-west-1:       Imported keypair 'mykey'
[Dry Run] ap-southeast-1:  Imported keypair 'mykey'

Running from Docker

If you are running aws-keymaster from a docker container, you will likely need to use a volume mount in order to be able to specify a public key on the local file system. In addition, you may need to use environment variables to pass in your AWS credentials. The example below illustrates how to use the docker container to run the import command:

docker run --rm -it -v ~/.ssh/:/ssh -e "AWS_ACCESS_KEY_ID=AKID1234567890" -e "AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY" ryane/aws-keymaster import dockertest /ssh/


aws-keymaster is released under the Apache 2.0 license (see LICENSE)
