sj26 / awscli-keyring
AWS CLI Keyring
License: MIT License
curl -I https://pypi.python.org/pypi/awscli-keyring/0.1.3
returns 404
I deleted my keys within keychain access. I ran keyring show to verify that they were gone and it looks like it's trying to display null data. I see a check for missing keys in the code, but it doesn't seem to be catching what I did.
Perhaps this is all my fault. :) Does awscli retain the info that there's a key around and choke when I've deleted it? Is there a different way I should have deleted these keys through awscli?
Here is the error message:
$ aws keyring show
coercing to Unicode: need string or buffer, NoneType found
I created two profiles with unique keys:
$ aws --profile account-a keyring add
Key:
Secret:
$ aws --profile account-a keyring show
AWS_ACCESS_KEY_ID="......Q"
AWS_SECRET_ACCESS_KEY="......q"
$ aws --profile account-b keyring add
Key:
Secret:
$ aws --profile account-b keyring show
AWS_ACCESS_KEY_ID="......A"
AWS_SECRET_ACCESS_KEY="......L"
However, the keys in the later addition overwrote those from the earlier one:
$ aws --profile account-a keyring show
AWS_ACCESS_KEY_ID="......A"
AWS_SECRET_ACCESS_KEY="......L"
It doesn't appear that the profile information was written to the config file, either:
$ cat ~/.aws/config
[plugins]
keyring = awscli_keyring
[default]
keyring = true
Version:
Successfully installed awscli-keyring-0.1.0
Hey Sam,
Following your instructions in the readme but when I run the following command I get an error (had a bit of a google but can't obviously see the correct syntax for this command)
$ aws configure set plugins.keyring awscli_keyring
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument command: Invalid choice, valid choices are:
autoscaling | cloudformation
cloudfront | cloudhsm
cloudsearch | cloudsearchdomain
cloudtrail | cloudwatch
cognito-identity | cognito-sync
datapipeline | directconnect
ds | dynamodb
ec2 | ecs
efs | elasticache
elasticbeanstalk | elastictranscoder
elb | emr
glacier | iam
importexport | kinesis
kms | lambda
logs | machinelearning
opsworks | rds
redshift | route53
route53domains | sdb
ses | sns
sqs | ssm
storagegateway | sts
support | swf
workspaces | s3api
s3 | configure
deploy | configservice
help
You guys might be aware, but I thought I'd point out that the keyring python library just acts as a wrapper to /usr/bin/security, which once whitelisted (in my experience most people press "Always Allow" the first time), will allow any process running as your user to access your keychain entries.
Unless I've missed something, the entries get added to your login keychain, which means that for most practical purposes storing aws credentials this way isn't any better than plaintext in ~/.aws/credentials with limited permissions (provided you have FileVault turned on).
Have I missed something? What attacks are prevented by storing credentials this way?
In the OSX Keyring implementation, keychain items are named awscli:key and awscli:secret. It would be nice if the profile name was included in the item name, so they could be differentiated (e.g. in Keychain Access).
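The profile-scoped naming suggested above, combined with a missing-entry check for the deleted-keys report earlier on this page, as an added sketch that is not awscli-keyring's own code. It assumes a store with the same `get_password` / `set_password` / `delete_password` calls as the `keyring` library and uses an in-memory stand-in so it runs offline; the `awscli:<profile>:<field>` format and all helper names are hypothetical.

```python
class MemoryStore:
    """Constructed in-memory stand-in for a keyring backend (same three calls)."""

    def __init__(self):
        self._items = {}

    def get_password(self, service, username):
        # Like keyring.get_password, returns None when the item is absent.
        return self._items.get((service, username))

    def set_password(self, service, username, password):
        self._items[(service, username)] = password

    def delete_password(self, service, username):
        self._items.pop((service, username), None)


class MissingCredentials(Exception):
    """Raised instead of passing None on to string formatting."""


def item_name(profile, field):
    # Hypothetical format; the page only reports "awscli:key" / "awscli:secret".
    return "awscli:%s:%s" % (profile, field)


def add(store, profile, key, secret):
    store.set_password(item_name(profile, "key"), profile, key)
    store.set_password(item_name(profile, "secret"), profile, secret)


def show(store, profile):
    key = store.get_password(item_name(profile, "key"), profile)
    secret = store.get_password(item_name(profile, "secret"), profile)
    if key is None or secret is None:
        raise MissingCredentials("no keyring entry for profile %r" % profile)
    return 'AWS_ACCESS_KEY_ID="%s"\nAWS_SECRET_ACCESS_KEY="%s"' % (key, secret)


if __name__ == "__main__":
    store = MemoryStore()
    add(store, "account-a", "EXAMPLE-KEY-A", "example-secret-a")  # constructed
    add(store, "account-b", "EXAMPLE-KEY-B", "example-secret-b")  # constructed
    print(show(store, "account-a"))  # account-a's pair is not overwritten
    store.delete_password(item_name("account-b", "key"), "account-b")
    try:
        show(store, "account-b")
    except MissingCredentials as exc:
        print("error:", exc)
```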