99designs / aws-vault

A vault for securely storing and accessing AWS credentials in development environments

Cannot delete an existing profile

benriou opened this issue

I cannot delete an existing profile on macOS. The --force doesn't help.

What can I do to investigate further?

aws-vault rm --debug spt-xxxxx-pre
2022/10/14 10:31:18 aws-vault 6.6.0-Homebrew
2022/10/14 10:31:18 [keyring] Considering backends: [keychain]
Delete credentials for profile "spt-xxxxxxx-pre"? (y|N) y
2022/10/14 10:31:21 [keyring] Removing keychain item service="aws-vault", account="spt-xxxxx-pre", keychain "aws-vault.keychain"
aws-vault: error: remove: The specified item could not be found in the keychain. (-25300)

[profile spt-xxxxx-pro]
sso_start_url = https://d-xxxx.awsapps.com/start/
sso_region = eu-west-1
sso_account_id = xxxxx
sso_role_name = admin
region = eu-west-1
output = json

[profile spt-tranquility-pre]
sso_start_url = https://d-xxxxxx.awsapps.com/start/
sso_region = eu-west-1
sso_account_id = xxxxx
sso_role_name = admin
region = eu-west-1
output = json

[profile spt-xxxx-dev]
sso_start_url = https://d-xxxxx.awsapps.com/start/
sso_region = eu-west-1
sso_account_id = xxxxx
sso_role_name = admin
region = eu-west-1
output = json

  • I have provided the debug output using aws-vault --debug (redacted if necessary)

aws-vault ls --debug
2022/10/14 10:29:41 aws-vault 6.6.0-Homebrew
2022/10/14 10:29:41 [keyring] Considering backends: [keychain]
2022/10/14 10:29:41 Loading config file /Users/ben/.aws/config
2022/10/14 10:29:41 Parsing config file /Users/ben/.aws/config
2022/10/14 10:29:41 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/10/14 10:29:41 [keyring] Found 3 results
Profile                  Credentials              Sessions
=======                  ===========              ========
spt-xxxxx-pro      -                        sso.GetRoleCredentials:-200h43m55s
spt-xxxxx-pre      -                        -
spt-xxxxx-dev      -                        -
briou-general            -                        -
briou-development        -                        -
briou-production         -                        -
-                        -                        oidc:https://briou.awsapps.com/start
-                        -                        oidc:https://d-xxxxx.awsapps.com/start/

@benriou I see you're using the Homebrew distribution.

The Homebrew distribution does not sign binaries, so I am unclear how these work with keychain security. I myself have run into issues when using unsigned binaries with the keychain; however, I've struggled to provide concrete examples to the Homebrew maintainers who don't consider this an issue.

Homebrew/homebrew-core#84589

My advice is to document these issues and raise them with Homebrew, or use the cask installation: brew install --cask aws-vault