awskeyring 1.12.1 → 1.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.txt +1 -1
- data/README.md +5 -0
- data/i18n/en.yml +1 -0
- data/lib/awskeyring/awsapi.rb +18 -0
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +31 -15
- data/man/awskeyring.5 +9 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 77b3d983a4ed2fefb518f35a38a93070b200b7c6d6a22cb189bf3df954636c6b
|
|
4
|
+
data.tar.gz: '085d5f2dd6622efd844dcbb952a92030ed9cafb4e52098f96b7fee904c3a5739'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cb99fad81b567e8db647ad41b7c3d56c2a42000006c5ef1f9adc9c72db3f524a043c6a0e55d17e82977b9308e242604f5fe4473ab49065698ec440d95fe09727
|
|
7
|
+
data.tar.gz: f39f3e192b664eab640662e0e74c3d1db37939a4048ee6990c8e1bb411f9b053b24c2dc8614b8ea5f46bc2509a1419b1f32ef5b9799fa6b8284a0930ff4056d9
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -12,6 +12,11 @@
|
|
|
12
12
|
Awskeyring is a small tool to manage AWS account keys in the macOS Keychain. It has
|
|
13
13
|
grown to incorporate a lot of [features](https://github.com/tristanmorgan/awskeyring/wiki/Awskeyring-features).
|
|
14
14
|
|
|
15
|
+
## Project Status
|
|
16
|
+
|
|
17
|
+
Awskeyring is a fairly mature project so it it doesn't see frequent updates but is still being maintained.
|
|
18
|
+
It is tested against the version of Ruby that is shipped with the latest version of macOS, but that ruby version is dated.
|
|
19
|
+
|
|
15
20
|
## Motivation
|
|
16
21
|
|
|
17
22
|
The motivation of this application is to provide a local secure store of AWS
|
data/i18n/en.yml
CHANGED
|
@@ -33,6 +33,7 @@ en:
|
|
|
33
33
|
notoken: 'Do not use saved token.'
|
|
34
34
|
noremote: 'Do not validate with remote api.'
|
|
35
35
|
path: 'The service PATH to open.'
|
|
36
|
+
test: 'Generate test credentials.'
|
|
36
37
|
browser: 'Specify an alternative browser.'
|
|
37
38
|
secret: 'AWS account secret.'
|
|
38
39
|
unset: 'Unset environment variables.'
|
data/lib/awskeyring/awsapi.rb
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require 'aws-sdk-iam'
|
|
4
4
|
require 'cgi'
|
|
5
5
|
require 'json'
|
|
6
|
+
require 'securerandom'
|
|
6
7
|
|
|
7
8
|
# Awskeyring Module,
|
|
8
9
|
# gives you an interface to access keychains and items.
|
|
@@ -180,6 +181,23 @@ module Awskeyring
|
|
|
180
181
|
}
|
|
181
182
|
end
|
|
182
183
|
|
|
184
|
+
# Generate test credentials for AWS
|
|
185
|
+
#
|
|
186
|
+
# @return [Hash] with the new credentials
|
|
187
|
+
# key The aws_access_key_id
|
|
188
|
+
# secret The aws_secret_access_key
|
|
189
|
+
# expiry expiry time
|
|
190
|
+
def self.gen_test_credentials(account:)
|
|
191
|
+
{
|
|
192
|
+
account: account,
|
|
193
|
+
key: "AKIA#{Array.new(16) { [*'A'..'Z', *'2'..'7'].sample }.join}",
|
|
194
|
+
secret: SecureRandom.base64(30),
|
|
195
|
+
token: nil,
|
|
196
|
+
expiry: nil,
|
|
197
|
+
role: nil
|
|
198
|
+
}
|
|
199
|
+
end
|
|
200
|
+
|
|
183
201
|
# Retrieves an AWS Console login url
|
|
184
202
|
#
|
|
185
203
|
# @param [String] key The aws_access_key_id
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
|
@@ -109,10 +109,15 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
109
109
|
desc 'env ACCOUNT', I18n.t('env_desc')
|
|
110
110
|
method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
|
|
111
111
|
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
|
112
|
+
method_option :test, type: :boolean, aliases: '-t', desc: I18n.t('method_option.test'), default: false
|
|
112
113
|
method_option :unset, type: :boolean, aliases: '-u', desc: I18n.t('method_option.unset'), default: false
|
|
113
114
|
# Print Env vars
|
|
114
115
|
def env(account = nil)
|
|
115
|
-
if options[:
|
|
116
|
+
if options[:test]
|
|
117
|
+
account ||= 'fakeaccount'
|
|
118
|
+
cred = Awskeyring::Awsapi.gen_test_credentials(account: account)
|
|
119
|
+
put_env_string(cred)
|
|
120
|
+
elsif options[:unset]
|
|
116
121
|
put_env_string(account: nil, key: nil, secret: nil, token: nil)
|
|
117
122
|
else
|
|
118
123
|
output_safe(options[:force])
|
|
@@ -129,21 +134,32 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
129
134
|
desc 'json ACCOUNT', I18n.t('json_desc')
|
|
130
135
|
method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
|
|
131
136
|
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
|
137
|
+
method_option :test, type: :boolean, aliases: '-t', desc: I18n.t('method_option.test'), default: false
|
|
132
138
|
# Print JSON for use with credential_process
|
|
133
|
-
def json(account) # rubocop:disable Metrics/AbcSize
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
139
|
+
def json(account) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
|
140
|
+
if options[:test]
|
|
141
|
+
cred = Awskeyring::Awsapi.gen_test_credentials(account: account)
|
|
142
|
+
puts Awskeyring::Awsapi.get_cred_json(
|
|
143
|
+
key: cred[:key],
|
|
144
|
+
secret: cred[:secret],
|
|
145
|
+
token: cred[:token],
|
|
146
|
+
expiry: (Time.new + Awskeyring::Awsapi::TWELVE_HOUR).iso8601
|
|
147
|
+
)
|
|
148
|
+
else
|
|
149
|
+
output_safe(options[:force])
|
|
150
|
+
account = ask_check(
|
|
151
|
+
existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
|
|
152
|
+
limited_to: Awskeyring.list_account_names
|
|
153
|
+
)
|
|
154
|
+
cred = age_check_and_get(account: account, no_token: options['no-token'])
|
|
155
|
+
expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
|
|
156
|
+
puts Awskeyring::Awsapi.get_cred_json(
|
|
157
|
+
key: cred[:key],
|
|
158
|
+
secret: cred[:secret],
|
|
159
|
+
token: cred[:token],
|
|
160
|
+
expiry: (expiry || (Time.new + Awskeyring::Awsapi::ONE_HOUR)).iso8601
|
|
161
|
+
)
|
|
162
|
+
end
|
|
147
163
|
end
|
|
148
164
|
|
|
149
165
|
desc 'import ACCOUNT', I18n.t('import_desc')
|
data/man/awskeyring.5
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
|
3
3
|
.
|
|
4
|
-
.TH "AWSKEYRING" "5" "
|
|
4
|
+
.TH "AWSKEYRING" "5" "February 2025" "" ""
|
|
5
5
|
.
|
|
6
6
|
.SH "NAME"
|
|
7
7
|
\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
|
|
@@ -95,7 +95,10 @@ Outputs bourne shell environment exports for an ACCOUNT
|
|
|
95
95
|
\-n, \-\-no\-token: Do not use saved token\.
|
|
96
96
|
.
|
|
97
97
|
.br
|
|
98
|
-
\-
|
|
98
|
+
\-t, \-\-test: Generate test credentials\.
|
|
99
|
+
.
|
|
100
|
+
.br
|
|
101
|
+
\-u, \-\-unset: Unset environment variables\.
|
|
99
102
|
.
|
|
100
103
|
.TP
|
|
101
104
|
exec ACCOUNT command\.\.\.:
|
|
@@ -153,6 +156,9 @@ Outputs AWS CLI compatible JSON for an ACCOUNT
|
|
|
153
156
|
.br
|
|
154
157
|
\-n, \-\-no\-token: Do not use saved token\.
|
|
155
158
|
.
|
|
159
|
+
.br
|
|
160
|
+
\-t, \-\-test: Generate test credentials\.
|
|
161
|
+
.
|
|
156
162
|
.TP
|
|
157
163
|
list:
|
|
158
164
|
.
|
|
@@ -347,7 +353,7 @@ The motivation of this application is to provide a local secure store of AWS cre
|
|
|
347
353
|
If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at \fItristan\.morgan@gmail\.com\fR\. Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain\. Use a strong password and keep the unlock time short\.
|
|
348
354
|
.
|
|
349
355
|
.SH "AUTHOR"
|
|
350
|
-
Tristan Morgan \fItristan\.morgan@gmail\.com\fR is the maintainer of Awskeyring\.
|
|
356
|
+
Tristan Morgan \fItristan\.morgan@gmail\.com\fR is the maintainer and author of Awskeyring\.
|
|
351
357
|
.
|
|
352
358
|
.SH "CONTRIBUTORS"
|
|
353
359
|
.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-02-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|
|
@@ -92,9 +92,9 @@ licenses:
|
|
|
92
92
|
metadata:
|
|
93
93
|
bug_tracker_uri: https://github.com/tristanmorgan/awskeyring/issues
|
|
94
94
|
changelog_uri: https://github.com/tristanmorgan/awskeyring/blob/main/CHANGELOG.md
|
|
95
|
-
documentation_uri: https://rubydoc.info/gems/awskeyring/1.
|
|
95
|
+
documentation_uri: https://rubydoc.info/gems/awskeyring/1.13.0
|
|
96
96
|
rubygems_mfa_required: 'true'
|
|
97
|
-
source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.
|
|
97
|
+
source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.13.0
|
|
98
98
|
wiki_uri: https://github.com/tristanmorgan/awskeyring/wiki
|
|
99
99
|
post_install_message:
|
|
100
100
|
rdoc_options: []
|