AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Lastpass macos3/31/2023 We are using it to create a JSON object from the lpass response. You can install it by running brew install jq. I have first learned about it earlier this year during one of Victor Vrantchan’s talks at MacDevOpsYVR. In case you haven’t used it before, jq is a command line tool for parsing and creating JSON. But wait! We do need to provide our response as JSON Now all we need to do is write a script that calls lpass and retrieves our IAM credentials from our LastPass entry. Our ~/.aws/credentials file before … aws_access_key_id = foo aws_secret_access_key = bar ![]() Our ~/.aws/config file before … region = us-west-2Īnd after: credential_process = /path/to/script region = us-west-2 All we need to do is replace our set of IAM Access Key and Secret Access Key with a path to an executable which will be called by AWS CLI to get our credentials. While browsing the AWS CLI Command Reference I came across a section about ” Sourcing Credentials From External Processes” which explains how the AWS CLI can read JSON data from stdout. We would do so by running: lpass show -username "AWS IAM credentials" lpass show -password "AWS IAM credentials" Nice, but how do we connect LastPass CLI with AWS CLI? With it we can retrieve any username and password from the command line by using the lpass command.įor example: Let’s say we want to retrieve a username and password from a LastPass entry named AWS IAM credentials. You can install it with Homebrew by running brew install lastpass-cli -with-pinentry. But I only recently started using the LastPass command line interface tool. I have been using it to manage credentials for some time. Turns out there is an easy way to protect your credentials from theft using LastPass. How to protect your credentials by using LastPass CLI Neither your local user password nor elevated privileges are needed. So anybody with access to your computer can easily steal your IAM credentials. AWS CLI stores your credentials in plain textĪs it turns out AWS CLI by default simply stores your credentials in plain text inside ~/.aws/config. ![]() We are going to need the following tools: AWS CLI, LastPass CLI (lpass), jq. That’s great for your servers but what about your personal machine? This post demonstrates a way to securely retrieve IAM credentials from LastPass and providing them to the AWS CLI. Roles allow you to grant access to other AWS resources without the need for providing credentials. One of the sometimes overlooked but incredibly valuable features of Amazon Web Services are roles.
0 Comments
Read More
Leave a Reply. |