From a4aad4f14b544ca37537126043d7052d03211fde Mon Sep 17 00:00:00 2001
From: Michael Tibben
Date: Sat, 18 Feb 2023 13:24:19 +1100
Subject: [PATCH] Remove use of old env vars
---
 README.md | 4 ----
 cli/exec.go | 9 +++------
 2 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index be67e6e80..88723d364 100644
--- a/README.md
+++ b/README.md
@@ -75,21 +75,17 @@ AWS Vault then exposes the temporary credentials to the sub-process in one of tw
 ```shell
 $ aws-vault exec jonsmith -- env | grep AWS
 AWS_VAULT=jonsmith
- AWS_DEFAULT_REGION=us-east-1
 AWS_REGION=us-east-1
 AWS_ACCESS_KEY_ID=%%%
 AWS_SECRET_ACCESS_KEY=%%%
 AWS_SESSION_TOKEN=%%%
- AWS_SECURITY_TOKEN=%%%
 AWS_CREDENTIAL_EXPIRATION=2020-04-16T11:16:27Z
- AWS_SESSION_EXPIRATION=2020-04-16T11:16:27Z
 ```
 2. **Local metadata server** is started. This approach has the advantage that anything that uses Amazon's SDKs will automatically refresh credentials as needed, so session times can be as short as possible.
 ```shell
 $ aws-vault exec --server jonsmith -- env | grep AWS
 aws-vault: Starting an ECS credential server; your app\'s AWS sdk must support AWS_CONTAINER_CREDENTIALS_FULL_URI.
 AWS_VAULT=jonsmith
- AWS_DEFAULT_REGION=us-east-1
 AWS_REGION=us-east-1
 AWS_CONTAINER_CREDENTIALS_FULL_URI=%%%
 AWS_CONTAINER_AUTHORIZATION_TOKEN=%%%
diff --git a/cli/exec.go b/cli/exec.go
index 8c6814998..04c838231 100644
--- a/cli/exec.go
+++ b/cli/exec.go
@@ -203,8 +203,7 @@ func updateEnvForAwsVault(env environ, profileName string, region string) enviro
 env.Set("AWS_VAULT", profileName)
 if region != "" {
- log.Printf("Setting subprocess env: AWS_DEFAULT_REGION=%s, AWS_REGION=%s", region, region)
- env.Set("AWS_DEFAULT_REGION", region)
+ log.Printf("Setting subprocess env: AWS_REGION=%s", region)
 env.Set("AWS_REGION", region)
 }
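Review bot: After this change nothing in the visible part of updateEnvForAwsVault overwrites AWS_DEFAULT_REGION any more, so a value inherited from the parent shell reaches the subprocess unchanged and a tool that still reads that name can act in a different region than the one logged for AWS_REGION. The execEnvironment hunk has the same gap for AWS_SECURITY_TOKEN and AWS_SESSION_EXPIRATION: an inherited stale token would sit next to the freshly issued access key. Both function bodies start above their hunks, so these names may already be cleared there; if they are not, clear the three legacy names explicitly before the new values are set and add a comment such as `// legacy names are cleared, not set, so stale parent values never reach the subprocess`.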
@@ -260,14 +259,12 @@ func execEnvironment(input ExecCommandInput, config *vault.Config, credsProvider
 env.Set("AWS_SECRET_ACCESS_KEY", creds.SecretAccessKey)
 if creds.SessionToken != "" {
- log.Println("Setting subprocess env: AWS_SESSION_TOKEN, AWS_SECURITY_TOKEN")
+ log.Println("Setting subprocess env: AWS_SESSION_TOKEN")
 env.Set("AWS_SESSION_TOKEN", creds.SessionToken)
- env.Set("AWS_SECURITY_TOKEN", creds.SessionToken)
 }
 if creds.CanExpire {
- log.Println("Setting subprocess env: AWS_CREDENTIAL_EXPIRATION, AWS_SESSION_EXPIRATION")
+ log.Println("Setting subprocess env: AWS_CREDENTIAL_EXPIRATION")
 env.Set("AWS_CREDENTIAL_EXPIRATION", iso8601.Format(creds.Expires))
- env.Set("AWS_SESSION_EXPIRATION", iso8601.Format(creds.Expires))
 }
 if !supportsExecSyscall() {