Hi Readers, in this blog we will see how to install and configure aws-vault on our system to hold AWS secrets, and then how to manage AWS access keys with it. Access keys consist of an access key ID and a secret access key, which are used to sign programmatic requests that we make to AWS.
What is aws-vault?
- aws-vault is a tool to securely store and access AWS credentials in a development environment.
- aws-vault stores IAM credentials in the operating system’s secure keystore and then generates temporary credentials from those to expose to the shell and applications.
Why store them in the vault?
By keeping the AWS Secret Access Key and Access Key ID in aws-vault, we no longer need to keep them inside the configuration files of our project. For example, when working on a Terraform project, we would otherwise need to provide these tokens inside provider.tf so that Terraform can connect to our AWS account.
It also gives us the freedom to create multiple profiles with different AWS tokens.
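Before moving the keys into aws-vault, it helps to confirm that none are still sitting in the project. The script below is an added example, not part of the original post: it scans Terraform files for literal access key IDs and for access_key / secret_key assignments. The function names and the sample project are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find AWS keys hardcoded in Terraform files.
# Long-term access key IDs start with "AKIA" followed by 16 characters from [0-9A-Z];
# access_key / secret_key are the AWS provider arguments that hold literal keys.
PATTERN='AKIA[0-9A-Z]{16}|(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]'

# scan_tf_for_aws_keys DIR
# Prints "file:line" for every hit (never the matched value); returns 1 on any hit.
scan_tf_for_aws_keys() {
    findings=$(find "$1" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
        -exec grep -nE "$PATTERN" /dev/null {} + | cut -d: -f1,2)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample project: one file with literal keys, one that relies on the
# credentials that aws-vault exec places in the environment.
make_sample_project() {
    dir=$(mktemp -d)
    cat > "$dir/provider.tf" <<'EOF'
provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAEXAMPLEEXAMPLE00"
  secret_key = "constructed-not-a-real-secret"
}
EOF
    cat > "$dir/clean.tf" <<'EOF'
provider "aws" {
  region = "us-east-1"
}
EOF
    printf '%s\n' "$dir"
}

sample=$(make_sample_project)
if scan_tf_for_aws_keys "$sample"; then
    echo "no hardcoded keys found"
else
    echo "hardcoded keys found: remove them and run Terraform via aws-vault exec"
fi
rm -rf "$sample"
```

Any key the scan reports should be treated as exposed and rotated, since it may already be in version control history.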
How to do this?
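#!/bin/bash
# Stop at the first failing command so a failed download is not reported as installed
set -euo pipefail
# Get the latest version; -f makes curl fail on an HTTP error instead of saving the error page
sudo curl -fL -o /usr/local/bin/aws-vault https://github.com/99designs/aws-vault/releases/latest/download/aws-vault-linux-amd64
# Make the downloaded binary executable
sudo chmod 755 /usr/local/bin/aws-vault
echo "aws-vault has been installed"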
aws-vault add knoldusVault
Make the vault active for a specific duration
aws-vault exec --duration=12h knoldusVault
aws-vault exec executes a command with AWS credentials in the environment, and --duration sets the duration of the temporary or assume-role session. By default it is 1h.
List all profiles
Alternatively, you can see all profiles listed inside the ~/.aws/config file.
That’s all for this blog. In this blog we covered the basics of aws-vault and created a vault profile with our AWS secrets.
Thank you for following this blog till the end. If you found this blog helpful, do share it with your colleagues. In case of any feedback, suggestion or question, reach out to me at email@example.com.