Manage AWS Secrets with aws-vault


Hi Readers, in this blog we will see how to install and configure aws-vault on our system to hold AWS secrets, and then how to manage AWS access keys with it. Access keys consist of an access key ID and a secret access key, which are used to sign programmatic requests that we make to AWS.

What is aws-vault?

  • aws-vault is a tool to securely store and access AWS credentials in a development environment.
  • aws-vault stores IAM credentials in the operating system's secure keystore and then generates temporary credentials from those to expose to the shell and applications.

Why store it in aws-vault?

By keeping the AWS secret access key and access key ID in aws-vault, we no longer need to keep them inside our project's configuration files. For example, when working on a Terraform project, we would otherwise need to provide these keys inside provider.tf so that Terraform can connect to our AWS account.

It also gives us the freedom to create multiple profiles with different AWS keys.

How to do this?

Installing aws-vault

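#!/bin/bash
# Stop on the first error so a failed download is never reported as installed
set -euo pipefail
# Get the latest version; -f makes curl fail on an HTTP error instead of saving the error page
sudo curl -fL -o /usr/local/bin/aws-vault https://github.com/99designs/aws-vault/releases/latest/download/aws-vault-linux-amd64
sudo chmod 755 /usr/local/bin/aws-vault
echo "aws-vault has been installed"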

Configure Vault

aws-vault add knoldusVault

Make the vault active for a specific duration

aws-vault exec --duration=12h knoldusVault

The exec subcommand executes a command with AWS credentials in the environment, and --duration sets the duration of the temporary or assume-role session. By default it is 1h.
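The two ideas above (no keys in provider.tf, and temporary credentials injected by aws-vault exec) can be enforced with a small pre-flight check before Terraform runs. This is an added example, not code from the original post or from the aws-vault project. The function names are hypothetical, and it assumes the standard AWS key ID prefixes (AKIA for long-term keys, ASIA for temporary ones) and the AWS_VAULT variable that aws-vault exec sets in the child environment.

```shell
#!/bin/bash
# Added example: pre-flight checks before running Terraform under aws-vault.
# Function names are hypothetical and not part of aws-vault or Terraform.

# Report lines in *.tf / *.tfvars under $1 that assign a literal
# access_key / secret_key or contain a long-term access key ID (AKIA...).
# Returns 0 when the tree is clean, 1 when a hardcoded key is found.
scan_tf_for_keys() {
  local dir=$1 hits
  hits=$(grep -rnE --include='*.tf' --include='*.tfvars' \
    -e '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"' \
    -e '(^|[^A-Z0-9])AKIA[A-Z0-9]{16}([^A-Z0-9]|$)' "$dir" || true)
  [ -z "$hits" ] && return 0
  # Mask the values so the report itself does not leak the secret.
  printf '%s\n' "$hits" | sed -E \
    's/(=[[:space:]]*").*/\1<redacted>"/; s/AKIA[A-Z0-9]{16}/AKIA<redacted>/g' >&2
  return 1
}

# Succeeds only when the environment holds what aws-vault exec injects by
# default: the AWS_VAULT marker, a session token, and a temporary key ID.
creds_are_temporary() {
  [ -n "${AWS_VAULT:-}" ] || return 1
  [ -n "${AWS_SESSION_TOKEN:-}" ] || return 1
  case "${AWS_ACCESS_KEY_ID:-}" in
    ASIA*) return 0 ;;
    *)     return 1 ;;
  esac
}

# Run the given command in $1 only if both checks pass.
# Exit status 2: hardcoded key found; 3: not in an aws-vault session.
guarded_run() {
  local dir=$1; shift
  scan_tf_for_keys "$dir" || { echo "hardcoded AWS key in $dir" >&2; return 2; }
  creds_are_temporary || { echo "not inside an aws-vault session" >&2; return 3; }
  (cd "$dir" && "$@")
}

# Usage, from a shell started by aws-vault exec: guarded_run ./infra terraform plan
```

The same scan_tf_for_keys function works on its own as a pre-commit or CI step to keep keys out of the repository.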

List all profiles

aws-vault ls

Alternatively, you can also see all profiles listed inside the ~/.aws/config file.

That's all for this blog. In this blog we covered the basics of aws-vault and also created a vault profile with our AWS secrets.

Thank you for following this blog till the end. If you found this blog helpful, do share it with your colleagues. In case of any feedback, suggestion or question, reach out to me at nitin.mishra@knoldus.com.

Written by 

Nitin Mishra is a Software Consultant at Knoldus Software LLP. He has done MCA from GGSIPU and completed a Bachelor of Science in Computer Science from Delhi University. He is a tech enthusiast with good knowledge of Java. He is mainly focused on DevOps practice. On the personal front, he loves to travel in the mountains and writes poetry.