awskeyring 1.2.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/Gemfile +1 -0
- data/README.md +6 -1
- data/Rakefile +7 -1
- data/lib/awskeyring/version.rb +17 -1
- data/lib/awskeyring_command.rb +4 -0
- data/man/awskeyring.5 +188 -0
- data/man/awskeyring.5.ronn +129 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cf00f602f71d488e5786047871727580791f3805cf53055c9d720801bae6b75b
|
4
|
+
data.tar.gz: be06827683d764c13767a1cda773b81dd1bcfa5e4c09958119a1b8b63698ec9c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1adf1d2f3a8e3791494fb473a91ccebf471390120cebcbb0d1372824407637077eec4dbab37fcd4036b7f88488ba0e12e185169723144db4f5dad9222ab354b0
|
7
|
+
data.tar.gz: 2d829ba0a4fd623b52364f9b4b1e7918240722da89062f23e14c21d797bf2a7f55943579c39ae09f42933515f0ea476dfe23e6090dd98de6669da34aeda4b329
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,14 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## [v1.3.0](https://github.com/servian/awskeyring/tree/v1.3.0) (2020-02-20)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/servian/awskeyring/compare/v1.2.0...v1.3.0)
|
6
|
+
|
7
|
+
**Implemented enhancements:**
|
8
|
+
|
9
|
+
- Add a man-page and tweak README. [\#58](https://github.com/servian/awskeyring/pull/58) ([tristanmorgan](https://github.com/tristanmorgan))
|
10
|
+
- Enhanced version [\#57](https://github.com/servian/awskeyring/pull/57) ([AzySir](https://github.com/AzySir))
|
11
|
+
|
3
12
|
## [v1.2.0](https://github.com/servian/awskeyring/tree/v1.2.0) (2020-01-20)
|
4
13
|
|
5
14
|
[Full Changelog](https://github.com/servian/awskeyring/compare/v1.1.2...v1.2.0)
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -87,7 +87,7 @@ To set your environment easily the following bash function helps:
|
|
87
87
|
|
88
88
|
## Development
|
89
89
|
|
90
|
-
After checking out the repo, run `bundle update` to install dependencies. Then, run `rake` to run the tests. Run `bundle exec awskeyring` to use the gem in this directory, ignoring other installed copies of this gem. Awskeyring is tested against the last two versions of Ruby shipped with macOS.
|
90
|
+
After checking out the repo, run `bundle update` to install dependencies. Then, run `bundle exec rake` to run the tests. Run `bundle exec awskeyring` to use the gem in this directory, ignoring other installed copies of this gem. Awskeyring is tested against the last two versions of Ruby shipped with macOS.
|
91
91
|
|
92
92
|
To install this gem onto your local machine, run `bundle exec rake install`.
|
93
93
|
|
@@ -99,6 +99,11 @@ If you believe you have found a security issue in Awskeyring, please responsibly
|
|
99
99
|
|
100
100
|
Bug reports and pull requests are welcome on GitHub at https://github.com/servian/awskeyring. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](https://contributor-covenant.org) code of conduct.
|
101
101
|
|
102
|
+
### Contributors
|
103
|
+
|
104
|
+
* Tristan [tristanmorgan](https://github.com/tristanmorgan)
|
105
|
+
* Adam Sir [AzySir](https://github.com/AzySir)
|
106
|
+
|
102
107
|
## License
|
103
108
|
|
104
109
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/Rakefile
CHANGED
@@ -35,9 +35,15 @@ task :filemode do
|
|
35
35
|
print "\n"
|
36
36
|
end
|
37
37
|
|
38
|
+
desc 'generate manpage'
|
39
|
+
task :ronn do
|
40
|
+
system('ronn -w -r man/awskeyring.5.ronn')
|
41
|
+
puts
|
42
|
+
end
|
43
|
+
|
38
44
|
YARD::Rake::YardocTask.new do |t|
|
39
45
|
t.options = ['--fail-on-warning', '--no-progress']
|
40
46
|
t.stats_options = ['--list-undoc']
|
41
47
|
end
|
42
48
|
|
43
|
-
task default: %i[filemode rubocop spec yard]
|
49
|
+
task default: %i[filemode rubocop spec ronn yard]
|
data/lib/awskeyring/version.rb
CHANGED
@@ -1,8 +1,24 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'json'
|
4
|
+
|
5
|
+
# Awskeyring Module,
|
6
|
+
# Version const and query of latest.
|
3
7
|
module Awskeyring
|
4
8
|
# The Gem's version number
|
5
|
-
VERSION = '1.
|
9
|
+
VERSION = '1.3.0'
|
6
10
|
# The Gem's homepage
|
7
11
|
HOMEPAGE = 'https://github.com/servian/awskeyring'
|
12
|
+
|
13
|
+
# RubyGems Version url
|
14
|
+
GEM_VERSION_URL = 'https://rubygems.org/api/v1/versions/awskeyring/latest.json'
|
15
|
+
|
16
|
+
# Retrieve the latest version from RubyGems
|
17
|
+
#
|
18
|
+
def self.latest_version
|
19
|
+
uri = URI(GEM_VERSION_URL)
|
20
|
+
request = Net::HTTP.new(uri.host, uri.port)
|
21
|
+
request.use_ssl = true
|
22
|
+
JSON.parse(request.get(uri).body)['version']
|
23
|
+
end
|
8
24
|
end
|
data/lib/awskeyring_command.rb
CHANGED
@@ -34,9 +34,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
34
34
|
end
|
35
35
|
|
36
36
|
desc '--version, -v', I18n.t('__version.desc')
|
37
|
+
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
|
37
38
|
# print the version number
|
38
39
|
def __version
|
39
40
|
puts "Awskeyring v#{Awskeyring::VERSION}"
|
41
|
+
if !options['no-remote'] && Awskeyring::VERSION != Awskeyring.latest_version
|
42
|
+
puts "the latest version v#{Awskeyring.latest_version}"
|
43
|
+
end
|
40
44
|
puts "Homepage #{Awskeyring::HOMEPAGE}"
|
41
45
|
end
|
42
46
|
|
data/man/awskeyring.5
ADDED
@@ -0,0 +1,188 @@
|
|
1
|
+
.\" generated with Ronn/v0.7.3
|
2
|
+
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
|
+
.
|
4
|
+
.TH "AWSKEYRING" "5" "February 2020" "" ""
|
5
|
+
.
|
6
|
+
.SH "NAME"
|
7
|
+
\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain\.
|
8
|
+
.
|
9
|
+
.SH "SYNOPSIS"
|
10
|
+
awskeyring COMMAND [ACCOUNT|ROLE] [OPTIONS]
|
11
|
+
.
|
12
|
+
.P
|
13
|
+
awskeyring help COMMAND
|
14
|
+
.
|
15
|
+
.SH "DESCRIPTION"
|
16
|
+
The Awskeyring utility stores and manages AWS access keys and provides the facailty to generate access tokens with combinations of assumed roles and multi\-factor\-authentication codes\. It includes autocompletion features and multiple validation checks for input parsing\. It also includes the ability for the AWS CLI to call it directly to provide authentication\.
|
17
|
+
.
|
18
|
+
.P
|
19
|
+
The commands are as follows:
|
20
|
+
.
|
21
|
+
.TP
|
22
|
+
\-\-version, \-v:
|
23
|
+
.
|
24
|
+
.IP
|
25
|
+
Prints the version
|
26
|
+
.
|
27
|
+
.TP
|
28
|
+
add ACCOUNT:
|
29
|
+
.
|
30
|
+
.IP
|
31
|
+
Adds an ACCOUNT to the keyring
|
32
|
+
.
|
33
|
+
.TP
|
34
|
+
add\-role ROLE:
|
35
|
+
.
|
36
|
+
.IP
|
37
|
+
Adds a ROLE to the keyring
|
38
|
+
.
|
39
|
+
.TP
|
40
|
+
console ACCOUNT:
|
41
|
+
.
|
42
|
+
.IP
|
43
|
+
Open the AWS Console for the ACCOUNT
|
44
|
+
.
|
45
|
+
.TP
|
46
|
+
env ACCOUNT:
|
47
|
+
.
|
48
|
+
.IP
|
49
|
+
Outputs bourne shell environment exports for an ACCOUNT
|
50
|
+
.
|
51
|
+
.TP
|
52
|
+
exec ACCOUNT command\.\.\.:
|
53
|
+
.
|
54
|
+
.IP
|
55
|
+
Execute a COMMAND with the environment set for an ACCOUNT
|
56
|
+
.
|
57
|
+
.TP
|
58
|
+
help [COMMAND]:
|
59
|
+
.
|
60
|
+
.IP
|
61
|
+
Describe available commands or one specific command
|
62
|
+
.
|
63
|
+
.TP
|
64
|
+
initialise:
|
65
|
+
.
|
66
|
+
.IP
|
67
|
+
Initialises a new KEYCHAIN
|
68
|
+
.
|
69
|
+
.TP
|
70
|
+
json ACCOUNT:
|
71
|
+
.
|
72
|
+
.IP
|
73
|
+
Outputs AWS CLI compatible JSON for an ACCOUNT
|
74
|
+
.
|
75
|
+
.TP
|
76
|
+
list:
|
77
|
+
.
|
78
|
+
.IP
|
79
|
+
Prints a list of accounts in the keyring
|
80
|
+
.
|
81
|
+
.TP
|
82
|
+
list\-role:
|
83
|
+
.
|
84
|
+
.IP
|
85
|
+
Prints a list of roles in the keyring
|
86
|
+
.
|
87
|
+
.TP
|
88
|
+
remove ACCOUNT:
|
89
|
+
.
|
90
|
+
.IP
|
91
|
+
Removes an ACCOUNT from the keyring
|
92
|
+
.
|
93
|
+
.TP
|
94
|
+
remove\-role ROLE:
|
95
|
+
.
|
96
|
+
.IP
|
97
|
+
Removes a ROLE from the keyring
|
98
|
+
.
|
99
|
+
.TP
|
100
|
+
remove\-token ACCOUNT:
|
101
|
+
.
|
102
|
+
.IP
|
103
|
+
Removes a token for ACCOUNT from the keyring
|
104
|
+
.
|
105
|
+
.TP
|
106
|
+
rotate ACCOUNT:
|
107
|
+
.
|
108
|
+
.IP
|
109
|
+
Rotate access keys for an ACCOUNT
|
110
|
+
.
|
111
|
+
.TP
|
112
|
+
token ACCOUNT [ROLE] [MFA]:
|
113
|
+
.
|
114
|
+
.IP
|
115
|
+
Create an STS Token from a ROLE or an MFA code
|
116
|
+
.
|
117
|
+
.TP
|
118
|
+
update ACCOUNT:
|
119
|
+
.
|
120
|
+
.IP
|
121
|
+
Updates an ACCOUNT in the keyring
|
122
|
+
.
|
123
|
+
.SH "ENVIRONMENT"
|
124
|
+
The AWS_DEFAULT_REGION environment variable will be used for AWS API calls where specified or fall back to us\-east\-1 when not\.
|
125
|
+
.
|
126
|
+
.SH "EXIT STATUS"
|
127
|
+
The Awskeyring utility exits 0 on success, and >0 if an error occurs\.
|
128
|
+
.
|
129
|
+
.SH "EXAMPLES"
|
130
|
+
First you need to initialise your keychain to hold your AWS credentials\.
|
131
|
+
.
|
132
|
+
.IP "" 4
|
133
|
+
.
|
134
|
+
.nf
|
135
|
+
|
136
|
+
awskeyring initialise
|
137
|
+
.
|
138
|
+
.fi
|
139
|
+
.
|
140
|
+
.IP "" 0
|
141
|
+
.
|
142
|
+
.P
|
143
|
+
Then add your keys to it\.
|
144
|
+
.
|
145
|
+
.IP "" 4
|
146
|
+
.
|
147
|
+
.nf
|
148
|
+
|
149
|
+
awskeyring add personal\-aws
|
150
|
+
.
|
151
|
+
.fi
|
152
|
+
.
|
153
|
+
.IP "" 0
|
154
|
+
.
|
155
|
+
.P
|
156
|
+
Now your keys are stored safely in the macOS keychain\. To print environment variables run\.\.\.
|
157
|
+
.
|
158
|
+
.IP "" 4
|
159
|
+
.
|
160
|
+
.nf
|
161
|
+
|
162
|
+
awskeyring env personal\-aws
|
163
|
+
.
|
164
|
+
.fi
|
165
|
+
.
|
166
|
+
.IP "" 0
|
167
|
+
.
|
168
|
+
.SH "HISTORY"
|
169
|
+
The motivation of this application is to provide a local secure store of AWS credentials using specifically in the macOS Keychain, to have them easily accessed from the Terminal, and to provide useful functions like assuming roles and opening the AWS Console from the cli\. For Enterprise environments there are better suited tools to use like HashiCorp Vault \fIhttps://vaultproject\.io/\fR\.
|
170
|
+
.
|
171
|
+
.SH "SECURITY"
|
172
|
+
If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at \fItristan@vibrato\.com\.au\fR\. Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain\. Use a strong password and keep the unlock time short\.
|
173
|
+
.
|
174
|
+
.SH "AUTHOR"
|
175
|
+
Tristan Morgan \fItristan@vibrato\.com\.au\fR is the maintainer of Awskeyring\.
|
176
|
+
.
|
177
|
+
.SH "CONTRIBUTORS"
|
178
|
+
.
|
179
|
+
.IP "\(bu" 4
|
180
|
+
Tristan tristanmorgan \fIhttps://github\.com/tristanmorgan\fR
|
181
|
+
.
|
182
|
+
.IP "\(bu" 4
|
183
|
+
Adam Sir AzySir \fIhttps://github\.com/AzySir\fR
|
184
|
+
.
|
185
|
+
.IP "" 0
|
186
|
+
.
|
187
|
+
.SH "LICENSE"
|
188
|
+
The gem is available as open source under the terms of the MIT License \fIhttps://opensource\.org/licenses/MIT\fR\.
|
@@ -0,0 +1,129 @@
|
|
1
|
+
# Awskeyring -- is a small tool to manage AWS account keys in the macOS Keychain.
|
2
|
+
|
3
|
+
## SYNOPSIS
|
4
|
+
|
5
|
+
awskeyring COMMAND [ACCOUNT|ROLE] [OPTIONS]
|
6
|
+
|
7
|
+
awskeyring help COMMAND
|
8
|
+
|
9
|
+
## DESCRIPTION
|
10
|
+
|
11
|
+
The Awskeyring utility stores and manages AWS access keys and provides the facailty to generate access tokens with combinations of assumed roles and multi-factor-authentication codes. It includes autocompletion features and multiple validation checks for input parsing. It also includes the ability for the AWS CLI to call it directly to provide authentication.
|
12
|
+
|
13
|
+
The commands are as follows:
|
14
|
+
|
15
|
+
* --version, -v:
|
16
|
+
|
17
|
+
Prints the version
|
18
|
+
|
19
|
+
* add ACCOUNT:
|
20
|
+
|
21
|
+
Adds an ACCOUNT to the keyring
|
22
|
+
|
23
|
+
* add-role ROLE:
|
24
|
+
|
25
|
+
Adds a ROLE to the keyring
|
26
|
+
|
27
|
+
* console ACCOUNT:
|
28
|
+
|
29
|
+
Open the AWS Console for the ACCOUNT
|
30
|
+
|
31
|
+
* env ACCOUNT:
|
32
|
+
|
33
|
+
Outputs bourne shell environment exports for an ACCOUNT
|
34
|
+
|
35
|
+
* exec ACCOUNT command...:
|
36
|
+
|
37
|
+
Execute a COMMAND with the environment set for an ACCOUNT
|
38
|
+
|
39
|
+
* help [COMMAND]:
|
40
|
+
|
41
|
+
Describe available commands or one specific command
|
42
|
+
|
43
|
+
* initialise:
|
44
|
+
|
45
|
+
Initialises a new KEYCHAIN
|
46
|
+
|
47
|
+
* json ACCOUNT:
|
48
|
+
|
49
|
+
Outputs AWS CLI compatible JSON for an ACCOUNT
|
50
|
+
|
51
|
+
* list:
|
52
|
+
|
53
|
+
Prints a list of accounts in the keyring
|
54
|
+
|
55
|
+
* list-role:
|
56
|
+
|
57
|
+
Prints a list of roles in the keyring
|
58
|
+
|
59
|
+
* remove ACCOUNT:
|
60
|
+
|
61
|
+
Removes an ACCOUNT from the keyring
|
62
|
+
|
63
|
+
* remove-role ROLE:
|
64
|
+
|
65
|
+
Removes a ROLE from the keyring
|
66
|
+
|
67
|
+
* remove-token ACCOUNT:
|
68
|
+
|
69
|
+
Removes a token for ACCOUNT from the keyring
|
70
|
+
|
71
|
+
* rotate ACCOUNT:
|
72
|
+
|
73
|
+
Rotate access keys for an ACCOUNT
|
74
|
+
|
75
|
+
* token ACCOUNT [ROLE] [MFA]:
|
76
|
+
|
77
|
+
Create an STS Token from a ROLE or an MFA code
|
78
|
+
|
79
|
+
* update ACCOUNT:
|
80
|
+
|
81
|
+
Updates an ACCOUNT in the keyring
|
82
|
+
|
83
|
+
## ENVIRONMENT
|
84
|
+
|
85
|
+
The AWS_DEFAULT_REGION environment variable will be used for AWS API calls where specified or fall back to us-east-1 when not.
|
86
|
+
|
87
|
+
## EXIT STATUS
|
88
|
+
|
89
|
+
The Awskeyring utility exits 0 on success, and >0 if an error occurs.
|
90
|
+
|
91
|
+
## EXAMPLES
|
92
|
+
|
93
|
+
First you need to initialise your keychain to hold your AWS credentials.
|
94
|
+
|
95
|
+
awskeyring initialise
|
96
|
+
|
97
|
+
Then add your keys to it.
|
98
|
+
|
99
|
+
awskeyring add personal-aws
|
100
|
+
|
101
|
+
Now your keys are stored safely in the macOS keychain. To print environment variables run...
|
102
|
+
|
103
|
+
awskeyring env personal-aws
|
104
|
+
|
105
|
+
## HISTORY
|
106
|
+
|
107
|
+
The motivation of this application is to provide a local secure store of AWS
|
108
|
+
credentials using specifically in the macOS Keychain, to have them easily accessed
|
109
|
+
from the Terminal, and to provide useful functions like assuming roles and opening
|
110
|
+
the AWS Console from the cli.
|
111
|
+
For Enterprise environments there are better suited tools to use
|
112
|
+
like [HashiCorp Vault](https://vaultproject.io/).
|
113
|
+
|
114
|
+
## SECURITY
|
115
|
+
|
116
|
+
If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at [tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
|
117
|
+
|
118
|
+
## AUTHOR
|
119
|
+
|
120
|
+
Tristan Morgan <tristan@vibrato.com.au> is the maintainer of Awskeyring.
|
121
|
+
|
122
|
+
## CONTRIBUTORS
|
123
|
+
|
124
|
+
* Tristan [tristanmorgan](https://github.com/tristanmorgan)
|
125
|
+
* Adam Sir [AzySir](https://github.com/AzySir)
|
126
|
+
|
127
|
+
## LICENSE
|
128
|
+
|
129
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: awskeyring
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tristan Morgan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-02-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-iam
|
@@ -90,6 +90,8 @@ files:
|
|
90
90
|
- lib/awskeyring/validate.rb
|
91
91
|
- lib/awskeyring/version.rb
|
92
92
|
- lib/awskeyring_command.rb
|
93
|
+
- man/awskeyring.5
|
94
|
+
- man/awskeyring.5.ronn
|
93
95
|
homepage: https://github.com/servian/awskeyring
|
94
96
|
licenses:
|
95
97
|
- MIT
|