Add aws_vault_credential_process config option #1117
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mtibben
reviewed
Feb 3, 2023
| AccessKeyID: aws.ToString(creds.AccessKeyId), | ||
| SecretAccessKey: aws.ToString(creds.SecretAccessKey), | ||
| SessionToken: aws.ToString(creds.SessionToken), | ||
| CanExpire: true, |
There was a problem hiding this comment.
Can this be determined from the AccessKeyID? Or is this value not important?
mtibben
reviewed
Feb 3, 2023
| SSORoleName string `ini:"sso_role_name,omitempty"` | ||
| WebIdentityTokenFile string `ini:"web_identity_token_file,omitempty"` | ||
| WebIdentityTokenProcess string `ini:"web_identity_token_process,omitempty"` | ||
| AWSVaultCredentialProcess string `ini:"aws_vault_credential_process,omitempty"` |
There was a problem hiding this comment.
Shall we make this the standard credential_process?
mtibben
reviewed
Feb 3, 2023
| @@ -166,6 +166,33 @@ func NewAssumeRoleWithWebIdentityProvider(k keyring.Keyring, config *Config) (aw | |||
| return p, nil | |||
| } | |||
|
|
|||
| // NewAssumeRoleWithCredentialProcessProvider returns a provider that generates | |||
| // credentials using AssumeRoleWithCredentialProcess | |||
| func NewAssumeRoleWithCredentialProcessProvider(k keyring.Keyring, config *Config) (aws.CredentialsProvider, error) { | |||
There was a problem hiding this comment.
NewCredentialFromProcessProvider
|
Fixed in #1087 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding
aws_vault_credential_processas a configuration option in aws config. It allows specifying a command that will be executed to generate credentials. This is useful for supporting ad-hoc scenarios such as using as custom implementation of IAM Identity Provider logic that requires calling identity vendor specific APIs. This allows for using the security advantages of aws-vault while using a custom credentials source such as IDP CLI.