awskeyring 1.12.1 → 1.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 155240a1418a0de58a8d3bd88fe97d607cb5f68ea6655f4b3e82ad6628683dad
4
- data.tar.gz: 99224076df4e631f41e7aef1f0b8a713ff458887943303dbfd691af4e5ddd875
3
+ metadata.gz: daacd162f1bb61f73cfb0a40d13fbf64bbf4c29ff2a5fd64b93a198d7b480aac
4
+ data.tar.gz: ed615d2f74f0e2962b320dd8ca0616dc72b8190e2bdefbc29789bb90ab5f7322
5
5
  SHA512:
6
- metadata.gz: c8cfc74bf58e2886e28c3ab58f3d04955a57dbbcc4bffe9f450a472651df70f2ab3e1585dc21b1118a1f14e5ae8a1703076f56ff5215f19d623c3420c1883b65
7
- data.tar.gz: 6c0c9f2f7b5916067b016bac45a3088d349298aff18e6b90e554e7ce2791476d8a5865800e0bbe334d2b07146f8a14b6cd68312a82af43ad6aedc5ffde585106
6
+ metadata.gz: 2ed0290739e4ca068b2233fe25d5e62312cde392d2d592ddad88f979de6a078910c6abda59a40f1d4ef56b8a4fee295775dd0c5cb705d918b5c6dffbaa0c1d1f
7
+ data.tar.gz: 901e34269af131cb4f85d2811953acc6cae3cb529fb04b49880f372ad4e7547cab342b07c514bf820f19a6b91c5afcc6f5eb3b9e41ca182aed56f991224a36c6
data/LICENSE.txt CHANGED
@@ -1,6 +1,6 @@
1
1
  The MIT License (MIT)
2
2
 
3
- Copyright (c) 2016-2022 Tristan Morgan
3
+ Copyright (c) 2016-2025 Tristan Morgan
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
data/README.md CHANGED
@@ -12,6 +12,11 @@
12
12
  Awskeyring is a small tool to manage AWS account keys in the macOS Keychain. It has
13
13
  grown to incorporate a lot of [features](https://github.com/tristanmorgan/awskeyring/wiki/Awskeyring-features).
14
14
 
15
+ ## Project Status
16
+
17
+ Awskeyring is a fairly mature project so it it doesn't see frequent updates but is still being maintained.
18
+ It is tested against the version of Ruby that is shipped with the latest version of macOS, but that ruby version is dated.
19
+
15
20
  ## Motivation
16
21
 
17
22
  The motivation of this application is to provide a local secure store of AWS
@@ -79,6 +84,7 @@ The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
79
84
  awskeyring remove-token ACCOUNT # Removes a token for ACCOUNT from the keyring
80
85
  awskeyring rotate ACCOUNT # Rotate access keys for an ACCOUNT
81
86
  awskeyring token ACCOUNT [ROLE] [CODE] # Create an STS Token from a ROLE or an mfa CODE
87
+ awskeyring tree # Print a tree of all available commands
82
88
  awskeyring update ACCOUNT # Updates an ACCOUNT in the keyring
83
89
 
84
90
  and autocomplete that can be installed with:
data/i18n/en.yml CHANGED
@@ -33,6 +33,7 @@ en:
33
33
  notoken: 'Do not use saved token.'
34
34
  noremote: 'Do not validate with remote api.'
35
35
  path: 'The service PATH to open.'
36
+ test: 'Generate test credentials.'
36
37
  browser: 'Specify an alternative browser.'
37
38
  secret: 'AWS account secret.'
38
39
  unset: 'Unset environment variables.'
@@ -3,6 +3,9 @@
3
3
  require 'aws-sdk-iam'
4
4
  require 'cgi'
5
5
  require 'json'
6
+ require 'securerandom'
7
+
8
+ require 'awskeyring/validate'
6
9
 
7
10
  # Awskeyring Module,
8
11
  # gives you an interface to access keychains and items.
@@ -91,8 +94,8 @@ module Awskeyring
91
94
  end
92
95
 
93
96
  {
94
- key: response.credentials[:access_key_id],
95
- secret: response.credentials[:secret_access_key],
97
+ key: Awskeyring::Validate.session_key(response.credentials[:access_key_id]),
98
+ secret: Awskeyring::Validate.secret_access_key(response.credentials[:secret_access_key]),
96
99
  token: response.credentials[:session_token],
97
100
  expiry: response.credentials[:expiration]
98
101
  }
@@ -180,6 +183,23 @@ module Awskeyring
180
183
  }
181
184
  end
182
185
 
186
+ # Generate test credentials for AWS
187
+ #
188
+ # @return [Hash] with the new credentials
189
+ # key The aws_access_key_id
190
+ # secret The aws_secret_access_key
191
+ # expiry expiry time
192
+ def self.gen_test_credentials(account:)
193
+ {
194
+ account: account,
195
+ key: "AKIA#{Array.new(16) { [*'A'..'Z', *'2'..'7'].sample }.join}",
196
+ secret: SecureRandom.base64(30),
197
+ token: nil,
198
+ expiry: nil,
199
+ role: nil
200
+ }
201
+ end
202
+
183
203
  # Retrieves an AWS Console login url
184
204
  #
185
205
  # @param [String] key The aws_access_key_id
@@ -25,6 +25,15 @@ module Awskeyring
25
25
  aws_access_key
26
26
  end
27
27
 
28
+ # Validate an AWS Session Key ID
29
+ #
30
+ # @param [String] aws_session_key The aws_session_key_id
31
+ def self.session_key(aws_session_key)
32
+ raise 'Invalid Session Key' unless /\AASIA[A-Z234567]{16}\z/.match?(aws_session_key)
33
+
34
+ aws_session_key
35
+ end
36
+
28
37
  # Validate an AWS Secret Key ID
29
38
  #
30
39
  # @param [String] aws_secret_access_key The aws_secret_access_key
@@ -6,7 +6,7 @@ require 'json'
6
6
  # Version const and query of latest.
7
7
  module Awskeyring
8
8
  # The Gem's version number
9
- VERSION = '1.12.1'
9
+ VERSION = '1.13.1'
10
10
  # The Gem's homepage
11
11
  HOMEPAGE = 'https://github.com/tristanmorgan/awskeyring'
12
12
 
@@ -109,10 +109,15 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
109
109
  desc 'env ACCOUNT', I18n.t('env_desc')
110
110
  method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
111
111
  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
112
+ method_option :test, type: :boolean, aliases: '-t', desc: I18n.t('method_option.test'), default: false
112
113
  method_option :unset, type: :boolean, aliases: '-u', desc: I18n.t('method_option.unset'), default: false
113
114
  # Print Env vars
114
115
  def env(account = nil)
115
- if options[:unset]
116
+ if options[:test]
117
+ account ||= 'fakeaccount'
118
+ cred = Awskeyring::Awsapi.gen_test_credentials(account: account)
119
+ put_env_string(cred)
120
+ elsif options[:unset]
116
121
  put_env_string(account: nil, key: nil, secret: nil, token: nil)
117
122
  else
118
123
  output_safe(options[:force])
@@ -129,21 +134,32 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
129
134
  desc 'json ACCOUNT', I18n.t('json_desc')
130
135
  method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
131
136
  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
137
+ method_option :test, type: :boolean, aliases: '-t', desc: I18n.t('method_option.test'), default: false
132
138
  # Print JSON for use with credential_process
133
- def json(account) # rubocop:disable Metrics/AbcSize
134
- output_safe(options[:force])
135
- account = ask_check(
136
- existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
137
- limited_to: Awskeyring.list_account_names
138
- )
139
- cred = age_check_and_get(account: account, no_token: options['no-token'])
140
- expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
141
- puts Awskeyring::Awsapi.get_cred_json(
142
- key: cred[:key],
143
- secret: cred[:secret],
144
- token: cred[:token],
145
- expiry: (expiry || (Time.new + Awskeyring::Awsapi::ONE_HOUR)).iso8601
146
- )
139
+ def json(account) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
140
+ if options[:test]
141
+ cred = Awskeyring::Awsapi.gen_test_credentials(account: account)
142
+ puts Awskeyring::Awsapi.get_cred_json(
143
+ key: cred[:key],
144
+ secret: cred[:secret],
145
+ token: cred[:token],
146
+ expiry: (Time.new + Awskeyring::Awsapi::TWELVE_HOUR).iso8601
147
+ )
148
+ else
149
+ output_safe(options[:force])
150
+ account = ask_check(
151
+ existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
152
+ limited_to: Awskeyring.list_account_names
153
+ )
154
+ cred = age_check_and_get(account: account, no_token: options['no-token'])
155
+ expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
156
+ puts Awskeyring::Awsapi.get_cred_json(
157
+ key: cred[:key],
158
+ secret: cred[:secret],
159
+ token: cred[:token],
160
+ expiry: (expiry || (Time.new + Awskeyring::Awsapi::ONE_HOUR)).iso8601
161
+ )
162
+ end
147
163
  end
148
164
 
149
165
  desc 'import ACCOUNT', I18n.t('import_desc')
data/man/awskeyring.5 CHANGED
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "AWSKEYRING" "5" "June 2024" "" ""
4
+ .TH "AWSKEYRING" "5" "June 2026" "" ""
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
@@ -95,7 +95,10 @@ Outputs bourne shell environment exports for an ACCOUNT
95
95
  \-n, \-\-no\-token: Do not use saved token\.
96
96
  .
97
97
  .br
98
- \-u, \-\-unset, \-\-no\-unset: Unset environment variables\.
98
+ \-t, \-\-test: Generate test credentials\.
99
+ .
100
+ .br
101
+ \-u, \-\-unset: Unset environment variables\.
99
102
  .
100
103
  .TP
101
104
  exec ACCOUNT command\.\.\.:
@@ -153,6 +156,9 @@ Outputs AWS CLI compatible JSON for an ACCOUNT
153
156
  .br
154
157
  \-n, \-\-no\-token: Do not use saved token\.
155
158
  .
159
+ .br
160
+ \-t, \-\-test: Generate test credentials\.
161
+ .
156
162
  .TP
157
163
  list:
158
164
  .
@@ -347,7 +353,7 @@ The motivation of this application is to provide a local secure store of AWS cre
347
353
  If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at \fItristan\.morgan@gmail\.com\fR\. Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain\. Use a strong password and keep the unlock time short\.
348
354
  .
349
355
  .SH "AUTHOR"
350
- Tristan Morgan \fItristan\.morgan@gmail\.com\fR is the maintainer of Awskeyring\.
356
+ Tristan Morgan \fItristan\.morgan@gmail\.com\fR is the maintainer and author of Awskeyring\.
351
357
  .
352
358
  .SH "CONTRIBUTORS"
353
359
  .
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: awskeyring
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.12.1
4
+ version: 1.13.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tristan Morgan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-06-04 00:00:00.000000000 Z
11
+ date: 2026-07-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-iam
@@ -92,9 +92,9 @@ licenses:
92
92
  metadata:
93
93
  bug_tracker_uri: https://github.com/tristanmorgan/awskeyring/issues
94
94
  changelog_uri: https://github.com/tristanmorgan/awskeyring/blob/main/CHANGELOG.md
95
- documentation_uri: https://rubydoc.info/gems/awskeyring/1.12.1
95
+ documentation_uri: https://rubydoc.info/gems/awskeyring/1.13.1
96
96
  rubygems_mfa_required: 'true'
97
- source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.12.1
97
+ source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.13.1
98
98
  wiki_uri: https://github.com/tristanmorgan/awskeyring/wiki
99
99
  post_install_message:
100
100
  rdoc_options: []