netrc and netrc.gpg support (store your passwords in a file)
The Unix convention of a .netrc file is alive and well in aws!
Create a .netrc file in your home directory with this line:
machine AWS username ignored login EC2_ACCESS_KEY password EC2_SECRET_KEY
From now on, aws will use the contents of that file if the standard EC2_ACCESS_KEY and EC2_SECRET_KEY environment variables are missing.
If you encrypt the file with GPG and give it the .gpg extension, aws will automatically decrypt it by calling GPG (which also means that if you're not on the terminal, aws will not work properly). Look into the GPG Agent if you need unattended operation.
You specify the netrc line to use with the --netrc-machine switch. The default is AWS as shown in the example, but you could have AWS2 for a second set of credentials.
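The lookup order described above (environment variables first, then the netrc line named by the machine switch), as an added Python example that is not code from aws itself. The function names, the sample key values, the choice to prefer the environment only when both variables are set, and the file-permission check are assumptions of this example.

```python
import os
import stat
import tempfile

# Constructed sample file: two credential sets with fake values.
SAMPLE_NETRC = (
    "machine AWS username ignored login EXAMPLEKEY1 password example-secret-1\n"
    "machine AWS2 username ignored login EXAMPLEKEY2 password example-secret-2\n"
)

def parse_netrc_line(line):
    """Return (machine, {key: value}) for a one-line netrc entry, else None."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "machine":
        return None
    rest = tokens[2:]
    return tokens[1], dict(zip(rest[0::2], rest[1::2]))

def is_private(path):
    """True when the file grants no permissions to group or other."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def resolve_credentials(netrc_path, machine="AWS", env=None):
    """Return (access_key, secret_key, source); never prints the secret."""
    env = os.environ if env is None else env
    key, secret = env.get("EC2_ACCESS_KEY"), env.get("EC2_SECRET_KEY")
    if key and secret:              # assumption: environment wins when both are set
        return key, secret, "environment"
    if not is_private(netrc_path):  # added defensive check, not taken from the page
        raise PermissionError(f"{netrc_path} is accessible by group or other")
    with open(netrc_path) as fh:
        for line in fh:
            entry = parse_netrc_line(line)
            if entry and entry[0] == machine and {"login", "password"} <= entry[1].keys():
                return entry[1]["login"], entry[1]["password"], f"netrc:{machine}"
    raise LookupError(f"no usable 'machine {machine}' line in {netrc_path}")

def write_sample(mode):
    """Write SAMPLE_NETRC to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".netrc")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_NETRC)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    path = write_sample(0o600)
    for name in ("AWS", "AWS2"):
        access_key, _, source = resolve_credentials(path, name, env={})
        print(name, access_key, source)
    os.remove(path)
```

A plaintext .netrc that fails the permission check here is a candidate for `chmod 600` or for the GPG-encrypted form described above.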
Git comes with credential helpers; for example, it has one to parse netrc files. You would use the netrc credential helper by adding --credential-helper="git-credential-netrc -f /home/me/.netrc.gpg get" to the aws command line (that example is not very interesting, since aws already has netrc parsing built-in).
This option is interesting if you're on a platform where Git credential helpers provide native access to a platform-specific credential chain, e.g. the Secrets API or the Mac OS X credentials.