Cannot delete an existing profile
benriou opened this issue
I cannot delete an existing profile on macOS. The `--force` flag doesn't help.
What can I do to investigate further?
```
aws-vault rm --debug spt-xxxxx-pre
2022/10/14 10:31:18 aws-vault 6.6.0-Homebrew
2022/10/14 10:31:18 [keyring] Considering backends: [keychain]
Delete credentials for profile "spt-xxxxxxx-pre"? (y|N) y
2022/10/14 10:31:21 [keyring] Removing keychain item service="aws-vault", account="spt-xxxxx-pre", keychain "aws-vault.keychain"
aws-vault: error: remove: The specified item could not be found in the keychain. (-25300)
```
```ini
[profile spt-xxxxx-pro]
sso_start_url = https://d-xxxx.awsapps.com/start/
sso_region = eu-west-1
sso_account_id = xxxxx
sso_role_name = admin
region = eu-west-1
output = json

[profile spt-tranquility-pre]
sso_start_url = https://d-xxxxxx.awsapps.com/start/
sso_region = eu-west-1
sso_account_id = xxxxx
sso_role_name = admin
region = eu-west-1
output = json

[profile spt-xxxx-dev]
sso_start_url = https://d-xxxxx.awsapps.com/start/
sso_region = eu-west-1
sso_account_id = xxxxx
sso_role_name = admin
region = eu-west-1
output = json
```
- I have provided the debug output using `aws-vault --debug` (redacted if necessary)
```
~ aws-vault ls --debug                                        ✔  10:29:19
2022/10/14 10:29:41 aws-vault 6.6.0-Homebrew
2022/10/14 10:29:41 [keyring] Considering backends: [keychain]
2022/10/14 10:29:41 Loading config file /Users/ben/.aws/config
2022/10/14 10:29:41 Parsing config file /Users/ben/.aws/config
2022/10/14 10:29:41 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/10/14 10:29:41 [keyring] Found 3 results
Profile                  Credentials              Sessions
=======                  ===========              ========
spt-xxxxx-pro            -                        sso.GetRoleCredentials:-200h43m55s
spt-xxxxx-pre            -                        -
spt-xxxxx-dev            -                        -
briou-general            -                        -
briou-development        -                        -
briou-production         -                        -
-                        -                        oidc:https://briou.awsapps.com/start
-                        -                        oidc:https://d-xxxxx.awsapps.com/start/
```
@benriou I see you're using the Homebrew distribution.
The Homebrew distribution does not sign binaries, so I am unclear how these work with keychain security. I myself have run into issues when using unsigned binaries with the keychain; however, I've struggled to provide concrete examples to the Homebrew maintainers, who don't consider this an issue.
My advice is to document these issues and raise them with Homebrew, or use the cask installation: `brew install --cask aws-vault`