AWS Vault
AWS Vault is a tool to securely store and access AWS credentials in a development environment.
AWS Vault stores IAM credentials in your operating system's secure keystore and then generates temporary credentials from those to expose to your shell and applications. It's designed to be complementary to the AWS CLI tools, and is aware of your profiles and configuration in ~/.aws/config.
The supported backends are:
- macOS Keychain
- Windows Credential Manager
- Secret Service (Gnome Keyring, KWallet)
- KWallet
- Pass
- Encrypted file
Check out the announcement blog post for more details.
Installing
You can install aws-vault:
- by downloading the latest release
- on macOS via Homebrew Cask with: brew cask install aws-vault
- on Linux via Homebrew on Linux with: brew install aws-vault
- on Windows via choco with: choco install aws-vault
- on Archlinux via the AUR
- by compiling with: go get github.com/99designs/aws-vault
Basic Usage
# Store AWS credentials for the "jonsmith" profile
$ aws-vault add jonsmith
Enter Access Key Id: ABDCDEFDASDASF
Enter Secret Key: %%%
# Execute a command (using temporary credentials)
$ aws-vault exec jonsmith -- aws s3 ls
bucket_1
bucket_2
# Open a browser window and log in to the AWS Console
$ aws-vault login jonsmith
# List credentials
$ aws-vault list
Profile                  Credentials              Sessions
=======                  ===========              ========
jonsmith                 jonsmith                 -
See the USAGE document for more help and tips.
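The introduction says aws-vault exposes temporary credentials to your shell instead of the stored IAM keys. The following added example (not part of aws-vault or this README) checks that property on an env-style dump. It assumes the standard AWS SDK variable names and the AWS key-ID prefixes ASIA (temporary STS) and AKIA (long-term IAM user); the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of aws-vault. Reads KEY=VALUE lines (as printed by
# `env`) on stdin and classifies the AWS credentials they expose.
# Output: temporary | long-lived | incomplete | inconsistent | none
classify_aws_env() {
    awk -F= '
        # Keep everything after the first "=": tokens may end in "=" padding.
        { key = $1; val = substr($0, length(key) + 2) }
        key == "AWS_ACCESS_KEY_ID"     { id = val }
        key == "AWS_SECRET_ACCESS_KEY" { secret = val }
        key == "AWS_SESSION_TOKEN"     { token = val }
        END {
            if (id == "" && secret == "" && token == "") { print "none"; exit }
            if (id == "" || secret == "") { print "incomplete"; exit }
            # ASIA = temporary STS key ID, AKIA = long-term IAM user key ID.
            if (id ~ /^ASIA/ && token != "") { print "temporary"; exit }
            if (id ~ /^AKIA/ && token == "") { print "long-lived"; exit }
            print "inconsistent"
        }'
}

# Pre-flight guard: succeeds only if this shell holds temporary credentials.
require_temporary_credentials() {
    [ "$(env | classify_aws_env)" = "temporary" ]
}

# Constructed sample dumps (no real keys).
SAMPLE_TEMPORARY='AWS_VAULT=jonsmith
AWS_ACCESS_KEY_ID=ASIAEXAMPLEEXAMPLE00
AWS_SECRET_ACCESS_KEY=constructedSecretValue
AWS_SESSION_TOKEN=Y29uc3RydWN0ZWQ='
SAMPLE_LONG_LIVED='AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00
AWS_SECRET_ACCESS_KEY=constructedSecretValue'
SAMPLE_MISSING_TOKEN='AWS_ACCESS_KEY_ID=ASIAEXAMPLEEXAMPLE00
AWS_SECRET_ACCESS_KEY=constructedSecretValue'

printf '%s\n' "$SAMPLE_TEMPORARY"     | classify_aws_env
printf '%s\n' "$SAMPLE_LONG_LIVED"    | classify_aws_env
printf '%s\n' "$SAMPLE_MISSING_TOKEN" | classify_aws_env
```

A deployment script can call require_temporary_credentials first and stop if a long-lived key has leaked into the environment.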
Security
$ aws-vault exec jonsmith -- env