Release v6.0.0 · 99designs/aws-vault

Support for AWS SSO #549 docs
Support for Yubikey TOTP #558 docs
A shell script for adding a Yubikey to IAM #559
aws-vault exec --ecs-server starts an ECS credential server offering many advantages over the EC2 metadata server #556 #375 docs
Debug http logging for the server #330
Support for setting the secret service collection with --secret-service-collection #539
Support for assume roles using OpenID Connect tokens #587
A native windows prompt wincredui #613
A pass MFA provider that reads from pass otp #640
aws-vault proxy --stop will stop the ec2 server proxy and remove the network alias. Fixes #548, #360
A new command aws-vault clear [<profile>] to remove short-term session credentials and OIDC tokens #644 #591 #412
The environment variable AWS_MIN_TTL will enforce a minimum expiry time on credentials #646

Ensure all error messages go to stderr #565
Using a key with a slash with the file backend 99designs/keyring#69
Login hang when using an unknown profile #575 #545
Shell completion issues #408, #576
Parse Windows netsh error messages in German #610
The aws-vault executable location should now be detected correctly in more instances. Fixes #596
Use the expiry window when retrieving credentials from the key store to enforce a minimum expiry time #608

Config variable parent_profile renamed to include_profile. The old parent_profile still works for backwards compatibility #520 #560 docs
Credentials created with AssumeRole and MFA are now cached #569 (Fixes #552, #532, #525)
Profile names are now case-sensitive #570 #528 7262236
The proxy command is now aws-vault proxy. This command is not user facing, but the old server subcommand still works just in case for backwards compatibility #627
When secret keys are added with aws-vault add, the secret is no longer echoed back into the terminal #625
The --sessions-only flag has been deprecated from the remove command in favour of aws-vault clear. The old flag still works for backwards compatibility

Provide feedback