AWS CLI with Unix password manager

l-lin included in post

2022-12-30 125 words One minute

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31


$ # first create gpg key
$ gpg --full-generate-key

$ # fetch gpg key id
$ gpg --list-key
/home/foobar/.gnupg/pubring.kbx
------------------------------
pub   rsa3072 2022-12-30 [SC]
      ABC <-- this is the id
uid           [ultimate] Foo <foo@bar.ee>
sub   rsa3072 2022-12-30 [E]

$ # init pass
$ pass init <gpg_id>

$ # insert AWS creds in pass
$ pass -m aws/default
{
  "Version": 1,
  "AccessKeyId": "ABC",
  "SecretAccessKey": "XYZ"
}

$ # configure aws
$ cat <<EOF>> ~/.aws/credentials
[default]
credential_process = /usr/bin/pass aws/default
EOF

$ # use aws cli as usual
$ aws s3 ls

Resources

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
https://www.passwordstore.org/
https://vitalyparnas.com/guides/pass/