aws-keychain-util 0.0.3 → 0.0.4
- data/README.md +15 -0
- data/aws-keychain-util.gemspec +1 -2
- data/bin/aws-creds +12 -7
- data/lib/aws-keychain-util/credential_provider.rb +20 -0
- metadata +3 -2
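--- a/data/README.md
+++ b/data/README.md
@@ -46,6 +46,21 @@ set in the environment:
 
 $ aws-creds shell <name>
 
+To automatically grab AWS credentials from your keychain when using
+the aws-sdk gem, add the following code:
+
+AWS.config(:credential_provider => AwsKeychainUtil::CredentialProvider.new('<name>', 'keychain name'))
+
+## Security
+
+Unfortunately, when Keychain whitelists either the `aws-creds` script
+or a ruby application that uses the CredentialProvider for aws-sdk,
+it whitelists `ruby` as a whole. This means *any* ruby script will
+be able to access your AWS credentials. We recommend that you either
+do not whitelist your script at all (don't click "Always Allow"), or
+use a dedicated keychain with an auto-lock interval of less than five
+minutes. Keychains created with `aws-creds` will automatically be
+configured to auto-lock at 5 minutes.
 
 ## Contributing
 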
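--- a/data/aws-keychain-util.gemspec
+++ b/data/aws-keychain-util.gemspec
@@ -1,11 +1,10 @@
 # -*- encoding: utf-8 -*-
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'aws-keychain-util/version'
 
 Gem::Specification.new do |gem|
 gem.name = "aws-keychain-util"
-gem.version = '0.0.
+gem.version = '0.0.4'
 gem.authors = ["Zach Wily"]
 gem.email = ["zach@zwily.com"]
 gem.description = %q{Helps manage a keychain of AWS credentials on OS X.}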
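--- a/data/bin/aws-creds
+++ b/data/bin/aws-creds
@@ -16,14 +16,19 @@ end
 PREFS_FILE = File.expand_path "~/.aws-keychain-util"
 
 def load_keychain
-
-
-
-
+keychain = if File.exist? PREFS_FILE
+prefs = JSON.parse(File.read(PREFS_FILE))
+Keychain.open(prefs['aws_keychain_name'])
+else
+Keychain.default
 end
-
-
-
+if keychain.lock_interval > 300
+$stderr.puts "Your keychain is *not* set to lock automatically in under five minutes. This could be dangerous."
+if !File.exist? PREFS_FILE
+$stderr.puts "You should probably run `#{$0} init` to create a new, secure keychain."
+end
+end
+keychain
 end
 
 def get_item(name)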
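Review bot: In `load_keychain`, `Keychain.open(prefs['aws_keychain_name'])` receives `nil` whenever the prefs file exists but lacks that key, and `JSON.parse` raises on a malformed file, so a damaged `~/.aws-keychain-util` surfaces as an unrelated error (what `Keychain.open` does with `nil` is not visible here). Using `prefs.fetch('aws_keychain_name')` and rescuing `JSON::ParserError` with a message that names `PREFS_FILE` would make the failure explicit. The lock check `keychain.lock_interval > 300` also accepts exactly 300 seconds while the warning text says "under five minutes", so either the wording or the comparison should be adjusted until they agree. `load_keychain` lies fully inside the hunk; `get_item` continues past its end.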
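--- a/data/lib/aws-keychain-util/credential_provider.rb
+++ b/data/lib/aws-keychain-util/credential_provider.rb
@@ -0,0 +1,20 @@
+require 'keychain'
+
+module AwsKeychainUtil
+class CredentialProvider
+include AWS::Core::CredentialProviders::Provider
+
+def initialize(item = 'AWS', keychain = nil)
+@item, @keychain = item, keychain
+end
+
+def get_credentials
+keychain = @keychain ? Keychain.open(@keychain) : Keychain.default
+item = keychain.generic_passwords.where(:label => @item).first
+{
+access_key_id: item.attributes[:account],
+secret_access_key: item.password
+}
+end
+end
+end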
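Review bot: `get_credentials` calls `item.attributes` without checking that the lookup found anything, so when no generic password carries the label `@item` the `.first` result is presumably `nil` and the method fails with `NoMethodError` rather than a credentials error. A guard such as `return {} unless item` before the hash would leave the decision to the SDK's provider logic, assuming it treats an empty hash as missing credentials, which is worth confirming against the aws-sdk version in use. Unlike `load_keychain` in `bin/aws-creds`, this path performs no `lock_interval` check, so an application using the provider gets no warning about a keychain with a long auto-lock interval; a short comment on the class pointing to the README's Security section would help. The file also references `AWS::Core::CredentialProviders::Provider` while requiring only `keychain`, so it relies on the caller having loaded aws-sdk first.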
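--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-keychain-util
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.4
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby-keychain
@@ -58,6 +58,7 @@ files:
 - Rakefile
 - aws-keychain-util.gemspec
 - bin/aws-creds
+- lib/aws-keychain-util/credential_provider.rb
 homepage: ''
 licenses: []
 post_install_message: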