Don't require master credentials for federation token

Fixes #1134
99designs · Mar 1, 2023 · e040e00 · e040e00
1 parent 8e5e8ac
commit e040e00
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/cli/login.go b/cli/login.go
@@ -106,7 +106,7 @@ func LoginCommand(input LoginCommandInput, f *vault.ConfigFile, keyring keyring.
 	} else {
 		// Use a profile from the AWS config file
 		ckr := &vault.CredentialKeyring{Keyring: keyring}
-		if config.HasRole() || config.HasSSOStartURL() {
+		if config.HasRole() || config.HasSSOStartURL() || config.HasCredentialProcess() {
 			// If AssumeRole or sso.GetRoleCredentials isn't used, GetFederationToken has to be used for IAM credentials
 			credsProvider, err = vault.NewTempCredentialsProvider(config, ckr)
 		} else {