Skip to content

Fetch AWS keys and secrets from ~/.aws/credentials using a simple bash script

License

Notifications You must be signed in to change notification settings

whereisaaron/get-aws-profile-bash

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 

Repository files navigation

Fetch IAM keys and secrets from a AWS credentials file

This is a pure bash script that can parse and extract AWS credentials (key id and secret) from a ~/.aws/credentials file.

$ ./get-aws-profile.sh --help
Usage: ./get-aws-profile.sh [--credentials=<path>] [--profile=<name>] [--key|--secret]
  Default --credentials is '~/.aws/credentials'
  Default --profile is 'default'
  By default environment variables are generate, e.g.
    source $(./get-aws-profile.sh --profile=myprofile)
  You can specify one --key or --secret to get just that value, with no line break,
    FOO_KEY=$(./get-aws-profile.sh --profile=myprofile --key)
    FOO_SECRET=$(./get-aws-profile.sh --profile=myprofile --secret)

Set environment variables for 'my-example' profile

$ ./get-aws-profile.sh --profile my-example
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

$ eval $(./get-aws-profile.sh --profile my-example)

Get key and secret for 'my-example' profile

$ ./get-aws-profile.sh --profile my-example --key
AKIAIOSFODNN7EXAMPLE

$ ./get-aws-profile.sh --profile my-example --secret
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

$ export AWS_ACCESS_KEY_ID=$(./get-aws-profile.sh --profile my-example --key)
$ export AWS_SECRET_ACCESS_KEY=$(./get-aws-profile.sh --profile my-example --secret) 

Get key and secret for 'default' profile from a custom 'ini' file

$ ./get-aws-profile.sh --credentials /foo/bar/my-creds-file --key
AKIAIOSFODNN7EXAMPLE

$ ./get-aws-profile.sh --credentials /foo/bar/my-creds-file --secret
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

AWS Credentials file format

The AWS credentials file format appears to follow the old Windows 'ini' file format. Check the AWS documentation for more information.

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[my-profile]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

Rationale

I often need to include an AWS key id and secret in deployment scripts. Yet I don't want to actually include the credentials in the script or in the git repository. Many AWS client support storing AWS credentials in an ~/.aws/credentials files and using a --profile argument or AWS_DEFAULT_PROFILE environment variable. However other tools only work by setting the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. Sometimes you need to inject these credentials into stored secrets or configurations. This script helps script these tasks whilst keeping the credentials out of your scripts and repository. I wanted a pure bash solution I could include in automated build and deployment environments.

Credits

The really cool part of this script is the 'ini' file parser written by Andres J. Diaz.

About

Fetch AWS keys and secrets from ~/.aws/credentials using a simple bash script

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages