aws_keychain¶ ↑

Stores AWS Creds and can be used to spit those creds out into useful file formats for AWS CLI tools

Usage¶ ↑

Requires a JSON input file in the following format

{
  "cred-name": {
    "key": "AWS Access Key",
    "secret": "AWS Access Key Secret
  }
}

Each cred hash can contain additional information beyond “key” and “secret” but those two are required.

Check out aws_keychain –help for specifics

Plugins¶ ↑

Currently the aws_keychain includes two plugins.

IAM Plugin¶ ↑

The IAM plugin will output the key and secret in the format required for an IAM credential file if you’re using the IAM Cli tools.

Example

aws_keychain --keychain=/path/to/my/keychain.json --action=iam-show --output=~/iamcreds --keyname=key1

The above example will create an IAM Credential file at ~/iamcreds with the AWS key and secret found in “key1” of “keychain.json”

A more practical example of why this might be useful…

for i in $(aws_keychain --keychain=keychain.json --list-keys --quiet)
do
  aws_keychain --keychain=keychain.json --quiet --keyname=$i --output=iamcredfile
  iam-accountgetsummary
  echo "----------------------------"
done

JSON Plugin¶ ↑

The JSON plugin will usually be used simply to view the key and secret, or to consume the JSON result with another commandline tool.

Example

aws_keychain --keychain=/path/to/my/keychain.json --action=json-show --keyname=key1

The above example will print JSON to STDOUT representing the key “key1” found in “keychain.json”. This will include all values that are part of the hash in the keychain.json file. I.E. Possibly more than just “key” and “secret”

Testing¶ ↑

Currently, aws_keychain is bundled with plugins (see “Plugins” above). The tests make the assumption that the json plugin is available when testing the aws_keychain binary. This may change later

TODO¶ ↑

Validation of keychain data
Maybe some encryption or protection?
Figure out a better plugin scheme which allows them to be distributed via rubygems.

aws_keychain

Runtime