A vault for securely storing and accessing AWS credentials in development environments
See the full changelog
aws-vault exec --ecs-server
starts an ECS credential server offering many advantages over the EC2 metadata server #556 #375 docs
--secret-service-collection
#539wincredui
#613pass
MFA provider that reads from pass otp
#640aws-vault proxy --stop
will stop the ec2 server proxy and remove the network alias. Fixes #548, #360aws-vault clear [<profile>]
to remove short-term session credentials and OIDC tokens #644 #591 #412AWS_MIN_TTL
will enforce a minimum expiry time on credentials #646netsh
error messages in German #610aws-vault
executable location should now be detected correctly in more instances. Fixes #596parent_profile
renamed to include_profile
. The old parent_profile
still works for backwards compatibility #520 #560 docs
aws-vault proxy
. This command is not user facing, but the old server
subcommand still works just in case for backwards compatibility #627aws-vault add
, the secret is no longer echoed back into the terminal #625--sessions-only
flag has been deprecated from the remove
command in favour of aws-vault clear
. The old flag still works for backwards compatibility--server
mode #577. If you're experiencing issues, kill any old background proxy process using sudo killall -9 aws-vault
before running aws-vault exec --server
--ecs-server
flag (this feature will be in v6)AWS_FEDERATION_TOKEN_TTL
was not correctly setting the Federation TTL #550 #551--region
to the exec
and login
commands #557 #531exec --ecs-server
flag starts a ECS credential server offering many advantages over the ec2 metadata server #556 #375~ (reverted in v5.4.3)exec
command now defaults to a login shell if SHELL is known to support -l
38262fdfccf0851b9e8e734c7804ef44235be504 #546~ (reverted in v5.4.2)