Created
August 17, 2023 14:16
-
-
Save purcell/d0adc6534848464c8098f03caf5d9386 to your computer and use it in GitHub Desktop.
Invoke a command with AWS auth obtained from 1password
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| error_exit() { | |
| echo "$1" >&2 | |
| exit 1 | |
| } | |
| usage_exit() { | |
| cat <<EOF >&2 | |
| Looks up your AWS keys from your 1Password and exports them before running the next command | |
| USAGE: $(basename "$0") command that requires aws env vars | |
| EOF | |
| echo | |
| exit 2 | |
| } | |
| command -v op>/dev/null || error_exit "You must install the 1password CLI (e.g. via 'brew cask') and sign in" | |
| command -v jq>/dev/null || error_exit "You must have jq installed to parse JSON - google it." | |
| echo "Getting credentials from 1password" >&2 | |
| ONEPASSWORD_SECRETS=$(op get item "aws deploy my-system" || true) | |
| if [ -z "$ONEPASSWORD_SECRETS" ]; then | |
| error_exit "We couldn't find the secret, if you're not signed in to 1password you should log in by running: | |
| # eval \$(op signin my-1password-org)" | |
| fi | |
| read_secret() { | |
| jq -r ".details.sections[0].fields[] | select(.t ==\"$1\").v" <<<"$ONEPASSWORD_SECRETS" | |
| } | |
| AWS_ACCESS_KEY_ID=$(read_secret "aws_access_key_id") | |
| [ -n "$AWS_ACCESS_KEY_ID" ] || error_exit "Missing 'access key id' secret" | |
| AWS_SECRET_ACCESS_KEY=$(read_secret "aws_secret_access_key") | |
| [ -n "$AWS_SECRET_ACCESS_KEY" ] || error_exit "Missing secret access key' secret" | |
| export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY | |
| "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment