op-aws-vault


* Name: op-aws-vault
* Version: 0.0.7
* home_page: None
* Summary: 1Password aws-vault like utility
* upload_time: 2024-08-05 16:36:49
* maintainer: None
* docs_url: None
* author: None
* requires_python: >=3.8
* license: None
* requirements: No requirements were recorded.
* Travis-CI: No Travis.
* coveralls test coverage: No coveralls.

# op-aws-vault

An aws-vault-like utility built completely on 1Password.

## What is it?

Irritated by no aws-vault 1Password integration and finding the 1Password AWS plugin a bit buggy, this was an itch I wanted to scratch.

It's a small Python script/utility that emulates the behaviour of `aws-vault` but is completely integrated with 1Password. It wraps around the 1Password CLI.

It requires a 1Password account and the 1Password CLI. It's tested on macOS, Linux, Windows and WSL2.

It uses your AWS credentials and OTP key as a means to accomplish the following:

* Exec into a shell with a (MFA'd) session of any role you can assume
* Login to the AWS console via Federation


It requires no on-disk configuration; all configuration is set up in 1Password, including roles to assume, AWS creds and One-Time-Password.

This means that if you interact with AWS on different computers, you only need to set this up once in 1Password: no config setup, no key imports.


## How to install

Create a Python virtual environment and run `pip install op-aws-vault`.

You need to have the 1Password CLI and GUI open and unlocked for it to work.

You may want to disable the 1Password aws plugin (`unalias aws`) as I find it interferes.

## Setup

You need to set up a 1Password item with the following attribute names (exactly):

* `access key id` (AWS Key ID)
* `secret access key` (AWS Secret Key)
* `mfa serial` (MFA Serial ARN - Optional with MFA - Recommended!)
* `one-time password` (TOTP Required for MFA)
* `default-region` (Default Region)

To assume roles you need to add text attributes with the ARNs of roles to assume with a `role-{role name}` pattern.

For example, if you have a `dev` role, you would add a text attribute called `role-dev` to the 1Password item and make its value the ARN of the role.

You can add as many roles as you wish.

Finally, you need to tag the item as `aws-credentials` - this allows `op-aws-vault` to find it.

It should look similar to:

![Example Configuration](images/example.png "Example Configuration")
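
A pre-flight check for the item layout described in this section, as an added example that is not part of op-aws-vault. It assumes the item was exported with `op item get --format json` (a `tags` list and a `fields` list of `label`/`value` entries); `check_item`, `SAMPLE` and the ARN pattern are illustrative names and values.

```python
import re

# Field labels from the Setup list above; the README says they must match exactly.
REQUIRED = ("access key id", "secret access key", "default-region")
MFA_PAIR = ("mfa serial", "one-time password")
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

# Constructed sample item (no real credentials) with three deliberate mistakes:
# a mis-cased label, an MFA serial without a TOTP field, and a bad role ARN.
SAMPLE = {
    "tags": ["aws-credentials"],
    "fields": [
        {"label": "Access Key ID", "value": "AKIAIOSFODNN7EXAMPLE"},
        {"label": "secret access key", "value": "constructed-secret"},
        {"label": "mfa serial", "value": "arn:aws:iam::123456789012:mfa/alice"},
        {"label": "default-region", "value": "eu-west-1"},
        {"label": "role-dev", "value": "dev-admin"},
    ],
}


def check_item(item):
    """Return a list of setup problems found in a 1Password item dict."""
    # Assumed input shape: {"tags": [...], "fields": [{"label", "value"}, ...]}
    problems = []
    fields = {f.get("label"): (f.get("value") or "") for f in item.get("fields", [])}
    if "aws-credentials" not in item.get("tags", []):
        problems.append("item is not tagged 'aws-credentials'")
    for label in REQUIRED:
        if not fields.get(label):
            problems.append(f"missing field {label!r}")
    # MFA is optional, but the serial and the TOTP field are only useful together.
    present = [label for label in MFA_PAIR if label in fields]
    if len(present) == 1:
        missing = next(label for label in MFA_PAIR if label not in fields)
        problems.append(f"{present[0]!r} is set but {missing!r} is missing")
    known = set(REQUIRED + MFA_PAIR)
    for label, value in fields.items():
        if not label:
            continue
        if label not in known and label.strip().lower() in known:
            problems.append(f"label {label!r} differs in case or spacing")
        if label.startswith("role-") and not ROLE_ARN.match(value):
            problems.append(f"{label!r} is not an IAM role ARN")
    return problems
```

The check reads only labels and the role ARNs, so it can be run on an export with the secret values redacted.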

## Usage

Each command requires a `role` as the first positional argument.

It can be any of the `role-{name}` roles in your 1Password item or `default` for the top-level role.

Expect 1Password to verify your identity at least once per session.

All commands accept the following optional arguments:

`--region` AWS region to operate against

`--duration` Duration for which the session is valid (1hr, 120mins etc.)



## op-aws-vault exec

This opens an authenticated shell with the role you choose.

`op-aws-vault exec <role name>`

`op-aws-vault exec dev` would open a shell with

`op-aws-vault exec dev -- /bin/bash` would open a bash shell explicitly

Unlike `aws-vault`, `op-aws-vault` can be safely nested.



## op-aws-vault login

Run `op-aws-vault login dev` to open a web browser with a federated console login for the `dev` role.

If you'd prefer not to open a browser and just get the URL, use the `--stdout` option to print it to the console.





            

Raw data

{
    "_id": null,
    "home_page": null,
    "name": "op-aws-vault",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": null,
    "keywords": null,
    "author": null,
    "author_email": "David Markey <david@dmarkey.com>",
    "download_url": "https://files.pythonhosted.org/packages/20/64/67609f68d7f005f281611819a79a0971b8afc6702297129130faba823cf8/op_aws_vault-0.0.7.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": null,
    "summary": "1Password aws-vault like utility",
    "version": "0.0.7",
    "project_urls": {
        "Bug Tracker": "https://github.com/dmarkey/op-aws-vault/issues",
        "Homepage": "https://github.com/dmarkey/op-aws-vault"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "5bb927a5481a5a5f4be0bbff91a9253d48ccfe8692c0cd56c1248e0fa5b2ccfc",
                "md5": "6eaffdd834be23c3cbc35e51bb40acce",
                "sha256": "73889f6bd526af6b090d70a988b64dc7899a7c61dc8a1825d92ddced401fc1d8"
            },
            "downloads": -1,
            "filename": "op_aws_vault-0.0.7-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "6eaffdd834be23c3cbc35e51bb40acce",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 5766,
            "upload_time": "2024-08-05T16:36:47",
            "upload_time_iso_8601": "2024-08-05T16:36:47.643818Z",
            "url": "https://files.pythonhosted.org/packages/5b/b9/27a5481a5a5f4be0bbff91a9253d48ccfe8692c0cd56c1248e0fa5b2ccfc/op_aws_vault-0.0.7-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "206467609f68d7f005f281611819a79a0971b8afc6702297129130faba823cf8",
                "md5": "3a783f12ec061071e811b8f50a145e02",
                "sha256": "ced4e862b263d4768bed9bfc122bf433ff3146def3f26d1742024ff893e2b6fa"
            },
            "downloads": -1,
            "filename": "op_aws_vault-0.0.7.tar.gz",
            "has_sig": false,
            "md5_digest": "3a783f12ec061071e811b8f50a145e02",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 90472,
            "upload_time": "2024-08-05T16:36:49",
            "upload_time_iso_8601": "2024-08-05T16:36:49.704603Z",
            "url": "https://files.pythonhosted.org/packages/20/64/67609f68d7f005f281611819a79a0971b8afc6702297129130faba823cf8/op_aws_vault-0.0.7.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-08-05 16:36:49",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "dmarkey",
    "github_project": "op-aws-vault",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "lcname": "op-aws-vault"
}
        