Coder Social home page Coder Social logo

get-aws-profile-bash's Introduction

Fetch IAM keys and secrets from a AWS credentials file

This is a pure bash script that can parse and extract AWS credentials (key id and secret) from a ~/.aws/credentials file.

$ ./get-aws-profile.sh --help
Usage: ./get-aws-profile.sh [--credentials=<path>] [--profile=<name>] [--key|--secret]
  Default --credentials is '~/.aws/credentials'
  Default --profile is 'default'
  By default environment variables are generate, e.g.
    source $(./get-aws-profile.sh --profile=myprofile)
  You can specify one --key or --secret to get just that value, with no line break,
    FOO_KEY=$(./get-aws-profile.sh --profile=myprofile --key)
    FOO_SECRET=$(./get-aws-profile.sh --profile=myprofile --secret)

Set environment variables for 'my-example' profile

$ ./get-aws-profile.sh --profile my-example
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

$ eval $(./get-aws-profile.sh --profile my-example)

Get key and secret for 'my-example' profile

$ ./get-aws-profile.sh --profile my-example --key
AKIAIOSFODNN7EXAMPLE

$ ./get-aws-profile.sh --profile my-example --secret
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

$ export AWS_ACCESS_KEY_ID=$(./get-aws-profile.sh --profile my-example --key)
$ export AWS_SECRET_ACCESS_KEY=$(./get-aws-profile.sh --profile my-example --secret)

Get key and secret for 'default' profile from a custom 'ini' file

$ ./get-aws-profile.sh --credentials /foo/bar/my-creds-file --key
AKIAIOSFODNN7EXAMPLE

$ ./get-aws-profile.sh --credentials /foo/bar/my-creds-file --secret
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

AWS Credentials file format

The AWS credentials file format appears to follow the old Windows 'ini' file format. Check the AWS documentation for more information.

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[my-profile]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

Rationale

I often need to include an AWS key id and secret in deployment scripts. Yet I don't want to actually include the credentials in the script or in the git repository. Many AWS client support storing AWS credentials in an ~/.aws/credentials files and using a --profile argument or AWS_DEFAULT_PROFILE environment variable. However other tools only work by setting the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. Sometimes you need to inject these credentials into stored secrets or configurations. This script helps script these tasks whilst keeping the credentials out of your scripts and repository. I wanted a pure bash solution I could include in automated build and deployment environments.

Credits

The really cool part of this script is the 'ini' file parser written by Andres J. Diaz.

get-aws-profile-bash's People

Contributors

alexlatchford avatar brandongalbraith avatar jtyers avatar petervandenabeele avatar whereisaaron avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

petervandenabeele wongkk25 alexlatchford ampacheco mkj28 alvarow dpurrington expevgowdaks jtyers parsley72 butangero brandongalbraith virgilwashere ian-tenovos debodirno kescott027 hariprasadallaka1612 orangewise sleepyeinstein blakepancin bricehartmann bennyelg sinokuma nardonef buddalee

get-aws-profile-bash's Issues

Readme example commands

I was able to successfully use your script as follows (notice the = sign):
$ ./get-aws-profile.sh --profile=my-example --key

In your example however it says to run it as follows which did not work for me
$ ./get-aws-profile.sh --profile my-example --key

Following your example command it returned:
Unknown option --profile

Am I missing something?

script is not executable by default (chmod u+x)

Fresh git clone:

➜  get-aws-profile-bash git:(master) ./get-aws-profile.sh  
zsh: permission denied: ./get-aws-profile.sh
➜  get-aws-profile-bash git:(master) chmod u+x get-aws-profile.sh 
➜  get-aws-profile-bash git:(master) ✗ ./get-aws-profile.sh 
./get-aws-profile.sh: line 118: cfg.section.default: command not found
Profile 'default' not found

I will see if I can submit a PR.

Script fails is not executed on the same directory

Hi, really cool script!

I have found that it only works if I called it from the same directory where it lives, i.e.

$ ./get-aws-profile.sh

but if I drop the script say in ~/bin and simply call

~$ get-aws-profile.sh --profile=saml
/Users/regulya/bin/get-aws-profile.sh: eval: line 41: syntax error near unexpected token `}'
/Users/regulya/bin/get-aws-profile.sh: eval: line 41: `}'
Parsing credentials file '/Users/regulya/.aws/credentials' failed

It fails with above error.

The same error happens if I call it with the full path, but not being on the same directory:

~$ ./bin/get-aws-profile.sh --profile=saml
./bin/get-aws-profile.sh: eval: line 41: syntax error near unexpected token `}'
./bin/get-aws-profile.sh: eval: line 41: `}'
Parsing credentials file '/Users/regulya/.aws/credentials' failed

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.