Git Product home page Git Product logo

awscli-keyring's People

Contributors

sj26 avatar stanvit avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

rhoml fairfax-newsnow lloydhazlett andrewjhumphrey vmenajr elastic offbyone mmattice

awscli-keyring's Issues

Failed error check with deleted keys

I deleted my keys within keychain access. I ran keyring show to verify that they were gone and it looks like it's trying to display null data. I see a check for missing keys in the code, but it doesn't seem to be catching what I did.

Perhaps this is all my fault. :) Does awscli retain the info that there's a key around and choke when I've deleted it? Is there a different way I should have deleted these keys through awscli?

Here is the error message:

$ aws keyring show

coercing to Unicode: need string or buffer, NoneType found

Profiles overwrite each other

I created two profiles with unique keys:

$ aws --profile account-a keyring add
Key:
Secret:
$ aws --profile account-a keyring show
AWS_ACCESS_KEY_ID="......Q"
AWS_SECRET_ACCESS_KEY="......q"

$ aws --profile account-b keyring add
Key:
Secret:
$ aws --profile account-b keyring show
AWS_ACCESS_KEY_ID="......A"
AWS_SECRET_ACCESS_KEY="......L"

However, the keys in the later addition overwrote those from the earlier one:

$ aws --profile account-a keyring show
AWS_ACCESS_KEY_ID="......A"
AWS_SECRET_ACCESS_KEY="......L"

It doesn't appear that the profile information was written to the config file, either:

$ cat ~/.aws/config
[plugins]
keyring = awscli_keyring
[default]
keyring = true

Version:

Successfully installed awscli-keyring-0.1.0

Can't add the awscli_keyring plugin

Hey Sam,
Following your instructions in the readme but when I run the following command I get an error (had a bit of a google but can't obviously see the correct syntax for this command)

$ aws configure set plugins.keyring awscli_keyring
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument command: Invalid choice, valid choices are:

autoscaling                              | cloudformation
cloudfront                               | cloudhsm
cloudsearch                              | cloudsearchdomain
cloudtrail                               | cloudwatch
cognito-identity                         | cognito-sync
datapipeline                             | directconnect
ds                                       | dynamodb
ec2                                      | ecs
efs                                      | elasticache
elasticbeanstalk                         | elastictranscoder
elb                                      | emr
glacier                                  | iam
importexport                             | kinesis
kms                                      | lambda
logs                                     | machinelearning
opsworks                                 | rds
redshift                                 | route53
route53domains                           | sdb
ses                                      | sns
sqs                                      | ssm
storagegateway                           | sts
support                                  | swf
workspaces                               | s3api
s3                                       | configure
deploy                                   | configservice
help

Keyring uses `security` command on OSX for Keychain access

You guys might be aware, but I thought I'd point out that the keyring python library just acts as a wrapper to /usr/bin/security, which once whitelisted (in my experience most people press "Always Allow" the first time), will allow any process running as your user to access your keychain entries.

Unless I've missed something, the entries get added to your login keychain, which means that for most practical purposes storing aws credentials this way isn't any better than plaintext in ~/.aws/credentials with limited permissions (provided you have FileVault turned on).

Have I missed something? What attacks are prevented by storing credentials this way?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.