I recently developed a tool to help me manage my AWS credentials on my machine. I bounce back and forth between work, my projects, and side projects for other people many times throughout the week. I reached a point where I had to figure out what I was going to do to manage all the different AWS credentials for each account. At my current job, I use a tool called kubectx to switch between the different Kubernetes clusters throughout the day. I love how it works, so I wrote a tool that does the same thing as kubectx but for AWS accounts. If you're interested, make sure to check out the GitHub repository and try it out!
The goal of awsctx is to make it easy for a user to add, activate, and delete credentials without having to manually maintain different files. Another problem that awsctx solves is the storage of AWS credentials in plain text. Regardless of how many permissions each of my AWS IAM users has been given, if someone were to gain access to the credentials they could access or disrupt services that they shouldn't. Having these credentials in plain text on my computer leaves me with a bad feeling in my stomach. To solve this problem, awsctx works with a tool called aescrypt to encrypt the credentials it stores. The user is only required to remember a single password.
Getting Started with Awsctx
Creating a Context
After installing (see the README.md for information on how to do that), the first thing to do is to add your first context. You can do this by running the command awsctx -n. You will be prompted to create a password for storing the credentials the first time you run any awsctx command. After that, a lot of the commands won't require a password, but anytime you actually touch credentials directly you will need to enter your password.

    Creating a new encrypted file to store aws credentials...
    You will be prompted to create a password.
    Awsctx Encryption Password:
    Context Name: <NAME>
    AWS Access Key ID: <ID>
    Aws Secret Access Key: <KEY>
    Created context "<NAME>"...
Setting Environment Variables
Now that you have some credentials stored, the next time you need to run a command through the AWS CLI or your web server or whatever it may be that requires your credentials, you can run the following command to export the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY:

    source awsctx -e <NAME>
Listing Available Contexts
The point of awsctx isn't just to be able to source a single set of credentials but to easily manage many different pairs. There are two ways that awsctx can present your contexts to you. The first is to run the command awsctx, which will simply return a list of contexts with the currently selected context highlighted. The second way makes use of fzf. When you run a command such as awsctx -e or awsctx -s and you don't provide a context name to switch to, it will present a list to you using fzf so you can fuzzy search through the list of contexts and choose the one that you are looking for.
Make sure to review the full list of commands available (shown by
USAGE:
  awsctx                       : list the contexts
  awsctx <NAME>                : switch to context <NAME>
  awsctx -                     : switch to the previous context
  awsctx -e, --export <NAME>   : export context as env, e.g. source awsctx -e <name>
  awsctx -c, --current         : show the current context name
  awsctx -s, --set <NAME>      : fill ~/.aws/credentials with context variables
  awsctx -n, --new             : create a new aws context
  awsctx -p, --password        : change encryption password
  awsctx <NEW_NAME>=<NAME>     : rename context <NAME> to <NEW_NAME>
  awsctx <NEW_NAME>=.          : rename current_context to <NEW_NAME>
  awsctx -d <NAME> [<NAME...>] : delete context <NAME> ('.' for current_context)
                                 (this command won't delete the credentials in ~/.aws/credentials)
  awsctx -h,--help             : show this message
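Since awsctx -s fills ~/.aws/credentials and awsctx -d does not remove anything from that file, a plaintext copy of a key can outlive its context. The script below is an added example, not part of awsctx or its repository: it lists the profiles in a shared-credentials file that still hold a secret key in clear text and flags loose file permissions. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an AWS shared-credentials file for plaintext secrets.

# Print each profile name that stores a static secret key in clear text.
plaintext_profiles() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ {
            gsub(/^[ \t]*\[|\][ \t]*$/, "")   # strip the brackets
            profile = $0
            next
        }
        /^[ \t]*aws_secret_access_key[ \t]*=[ \t]*[^ \t]/ {
            if (profile != "" && !(profile in seen)) { seen[profile] = 1; print profile }
        }
    ' "$1"
}

# Succeed when group or other hold any permission bit on the file.
group_or_other_access() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Report findings; return 1 when plaintext secrets are present, else 0.
audit_credentials() {
    [ -f "$1" ] || { echo "ok: $1 does not exist"; return 0; }
    found=$(plaintext_profiles "$1")
    [ -n "$found" ] || { echo "ok: no plaintext secret keys in $1"; return 0; }
    echo "plaintext secret keys in $1 for profile(s):" $found
    if group_or_other_access "$1"; then
        echo "  file is accessible to group/other; chmod 600 at minimum"
    fi
    return 1
}

# Constructed sample file (fake key material), audited as a demonstration.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[default]
aws_access_key_id = EXAMPLE-ACCESS-KEY-ID
aws_secret_access_key = constructed/not/a/real/secret/value0000
[sso-only]
region = us-east-1
EOF
chmod 644 "$demo"
audit_credentials "$demo" || true
rm -f "$demo"
```

To check a real machine, call audit_credentials "$HOME/.aws/credentials" after switching or deleting contexts.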
If you end up trying awsctx, let me know what you think. I'd love to hear your feedback whether that's bugs you have found, comments on the code, or ideas for other features. Hopefully this tool helps you out and makes your life just a little bit easier.