-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Feature to Store Okta Credentials in macOS or OS-Native Keystore #43
Comments
Ooh, good idea! A bit like the git credential helpers... (Not a maintainer, just another happy user!) |
So it'd be nice if aws-okta-processor supported this. In the meantime, I just whipped up this little script to execute instead of aws-okta-processor directly: #!/bin/bash
password=$(security find-generic-password -w -a aws-okta-processor -s aws-okta-processor)
credentials=$(aws-okta-processor authenticate --pass $password $@)
echo $credentials |
I like the idea as well to integrate with OS-Native Keychain (another happy user of this project). For now, you can use @jfalkenstein solution by plugging that bash script to be executed by Sample bash file
AWS Config file:
|
Improvement upon my script:
|
Hello! I have been using this tool for a few weeks now. It's pretty solid and is a nice replacement for aws-okta (an older/deprecated tool). One of the features it had was that the Okta credentials could be retrieved from the macOS keychain (for macOS) or on Linux the keychain there or whatever OS was being used I guess.
This is more of a feature request, but it would be nice to have this option in this tool. Whenever the SAML session expires, one has to enter their password for the
credential_process
to move forward. This is great security and in most cases, fine. However, sometimes automated tooling may not be so smart and understand credential_process is prompting for input and can sometimes hang. I know this is that app's implementation fault; nevertheless, it might be useful and convenient to allow users to store the Okta credentials securely in their keystore and only be bothered with Okta 2FA requires a re-validation.The text was updated successfully, but these errors were encountered: