Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-vault configure #601

Open
FernandoMiguel opened this issue Jun 5, 2020 · 11 comments
Open

aws-vault configure #601

FernandoMiguel opened this issue Jun 5, 2020 · 11 comments
Labels
feature

Comments

@FernandoMiguel
Copy link
Collaborator

Now that v6 adds SSO support, it is missing an important security feature:
aws-vault configure

a user to has to aws sso configure to create the profile in ~/.aws/config if they don't want to create it by hand.
by doing so, a long term session json will be left under ~/.aws/sso/

If aws-vault is able to run the configure command and store the keys directly into the keychain, no sensitive files are left on disk
@stale
Copy link

stale bot commented Dec 4, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Dec 4, 2020
@christophetd
Copy link
Contributor

Sounds like this is still a great feature proposal!

@stale stale bot removed the stale label Dec 7, 2020
@stale
Copy link

stale bot commented Jun 9, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jun 9, 2021
@christophetd
Copy link
Contributor

Still an interesting feature request it seems?

@stale stale bot removed the stale label Jun 9, 2021
@stale
Copy link

stale bot commented Jan 3, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jan 3, 2022
@christophetd
Copy link
Contributor

Commenting to avoid closure.

@stale stale bot removed the stale label Jan 5, 2022
@christophetd
Copy link
Contributor

AWS SSO roles and accounts you have access to frequently change. I find myself having to manually juggle with my .aws/config a lot, and that's why people created tooling like https://github.com/synfinatic/aws-sso-cli

It would be nice to have this feature in aws-vault, but I'm unsure what it would look like:

  • Do we want to prompt at exec/login time for the SSO account and role to use, and use it as a one-off?
  • Do we want to have an aws-vault sso-configure command that interactively shows the AWS accounts and roles the user has access to, and select the ones they want to have reflected in their .aws/config file?
  • Do we consider it out of scope of aws-vault, and consider we should have an external tool handling the generation of .aws/config?

@mtibben feel free to share if you have an opinion

@mtibben
Copy link
Member

mtibben commented Feb 25, 2022

Hey @christophetd I don't have an opinion as I don't use this feature at this time

@stale
Copy link

stale bot commented Sep 21, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Sep 21, 2022
@mtibben
Copy link
Member

mtibben commented Dec 19, 2022

Hey @christophetd if you wish to implement this, feel free to open a PR. As I don't intend to implement at this time I will close for now.

@mtibben mtibben closed this as completed Dec 19, 2022
@mtibben mtibben closed this as not planned Won't fix, can't repro, duplicate, stale Dec 19, 2022
@mtibben
Copy link
Member

mtibben commented Feb 28, 2023

I was too hasty to close this ticket - with 37 👍 it does seem to have some support. While I don't plan to implement this at this time, I'll leave this open for now

@mtibben mtibben reopened this Feb 28, 2023
@mtibben mtibben removed the stale label Feb 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@christophetd @FernandoMiguel @mtibben