Created
April 15, 2020 09:58
-
-
Save salomvary/9da505866e157c11a728e9aa4674955e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Usage: | |
| # | |
| # - Install jq: https://stedolan.github.io/jq/ | |
| # - Add this script to your path, eg. to /usr/local/bin | |
| # - Add AWS access key id and secret access key to LastPass | |
| # named "AWS Credentials for my-profile profile" | |
| # - Add "credential_process = awscreds-lpass my-profile" to | |
| # the respective profile in ~/.aws/config | |
| # - Make sure you don't have credentials left in ~/.aws/credentials | |
| # | |
| # Original inspiration: | |
| # https://paulgalow.com/securing-aws-credentials-macos-lastpass | |
| set -euf | |
| readonly profile=${1:-default} | |
| readonly lastPassEntry="AWS Credentials for $profile profile" | |
| >&2 echo "Fetching '${lastPassEntry}' from LastPass" | |
| readonly accessKeyId=$(lpass show --username "$lastPassEntry") | |
| readonly secretAccessKey=$(lpass show --password "$lastPassEntry") | |
| if [ ! "$accessKeyId" ] || [ ! "$secretAccessKey" ]; then | |
| >&2 echo "Could not get credentials from LastPass" | |
| exit 1 | |
| fi | |
| # Create JSON object that AWS CLI expects | |
| jq -n \ | |
| --arg accessKeyId "$accessKeyId" \ | |
| --arg secretAccessKey "$secretAccessKey" \ | |
| '.Version = 1 | |
| | .AccessKeyId = $accessKeyId | |
| | .SecretAccessKey = $secretAccessKey' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment