Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support credentials_process in ~/.aws/credentials profile #11664

Open
cyberduck opened this issue May 10, 2021 · 6 comments
Open

Support credentials_process in ~/.aws/credentials profile #11664

cyberduck opened this issue May 10, 2021 · 6 comments
Assignees
@dkocher
Labels
enhancement low priority s3 AWS S3 Protocol Implementation

Comments

@cyberduck
Copy link
Collaborator

e03e1c6 created the issue

I hope the summary is almost self-explanatory. current .cyberduck profile for s3 ~/.aws/credentials does not seem to support the standard credentials_process directive. Only access_key, secret, and session token. Please enhance to support credentials_process.
@cyberduck
Copy link
Collaborator Author

@dkocher commented

#11909 closed as duplicate.

@schelhorn
Copy link

schelhorn commented May 12, 2022
edited

Hello there, for enterprise customers it would be awesome if the additional directives could be implemented. We are using aws-vault for obtaining credentials from the system keychain using the credential_process directive in .aws/config so that we can have a single point of truth for all credentials that is well guarded. This works very smoothly on the command line (and supports macOS keychain, Windows credential manager, and multiple Linux keychains), and even has support for MFA, temporar roles and so forth. It's the bee's knees.

Would it be possible to support credential_process to query credentials for Cyberduck?

@vdm
Copy link

vdm commented Jul 15, 2022
edited

credentials_process would also support the new IAM Roles Anywhere feature, which uses certificates to avoid storing non-expiring credentials on hosts outside AWS.

@blytheaw
Copy link

We really have a great need for this feature. We are moving to using AWS IAM Identity Center (formerly AWS SSO) credentials for all human access to our AWS environment. However, there is no way to seamlessly use this with Cyberduck without requiring users to run multiple AWS CLI commands. We have non-technical users who use Cyberduck to access S3, and this is a non-starter to expect of them.

Ideally Cyberduck would just support AWS SSO natively using underlying AWS SDK, but until then, at least support credential_process would go a long way.

@dkocher
Copy link
Contributor

dkocher commented Mar 15, 2023

We really have a great need for this feature. We are moving to using AWS IAM Identity Center (formerly AWS SSO) credentials for all human access to our AWS environment. However, there is no way to seamlessly use this with Cyberduck without requiring users to run multiple AWS CLI commands. We have non-technical users who use Cyberduck to access S3, and this is a non-starter to expect of them.

Ideally Cyberduck would just support AWS SSO natively using underlying AWS SDK, but until then, at least support credential_process would go a long way.

PRs are more than welcome.

@Almenon
Copy link

Almenon commented Sep 1, 2023

@blytheaw you should only need to run one command, aws configure sso. Relevant: iterate-ch/docs#414

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dkocher dkocher

Labels
enhancement low priority s3 AWS S3 Protocol Implementation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@dkocher @vdm @schelhorn @blytheaw @Almenon @cyberduck