SecretService backend - prompts for new secrets' DB while using KeepassXC
WojciechRydel opened this issue · comments
- I am using the latest release of AWS Vault
- I have provided my
.aws/config
(redacted if necessary) - I have provided the debug output using
aws-vault --debug
(redacted if necessary)
aws-vault --debug
output
2023/05/30 11:33:53 aws-vault v7.2.0
2023/05/30 11:33:53 Using prompt driver: zenity
2023/05/30 11:33:53 Using AWS_CONFIG_FILE value: /xx/.config/aws/config
2023/05/30 11:33:53 Loading config file /home/voytech/.config/aws/config
2023/05/30 11:33:53 Parsing config file /home/voytech/.config/aws/config
2023/05/30 11:33:53 [keyring] Considering backends: [secret-service]
2023/05/30 11:33:53 Profile 'default' missing in config file
2023/05/30 11:33:53 profile xxx: using SSO role credentials
2023/05/30 11:33:53 Setting subprocess env: AWS_REGION=eu-west-1, AWS_DEFAULT_REGION=eu-west-1
2023/05/30 11:33:54 Created new OIDC client (expires at: 2023-08-28 11:33:54 +0200 CEST)
2023/05/30 11:33:54 Created OIDC device code for https://xx.awsapps.com/start (expires in: 600s)
2023/05/30 11:33:54 Opening SSO authorization page in browser
Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
https://device.sso.eu-west-1.amazonaws.com/?user_code=xxx
2023/05/30 11:34:00 Created new OIDC access token for https://xx.awsapps.com/start (expires in: 28581s)
I am using KeepassXC as the SecretService underhood. Every execution of e.g. secret-tool lookup xx yy
calls KeepassXC to retrieve secret.
When I configure aws-vault
to use SecretService as its backend, each time I want to store some value, I am prompted to create a new KeepassXC database.
Same problem here.
aws-vault --debug exec profile -- thing
2023/06/15 15:28:49 aws-vault v7.2.0
2023/06/15 15:28:49 Using prompt driver: terminal
2023/06/15 15:28:49 Loading config file /home/me/.aws/config
2023/06/15 15:28:49 Parsing config file /home/me/.aws/config
2023/06/15 15:28:49 [keyring] Considering backends: [secret-service]
2023/06/15 15:28:49 profile profile: using credential process
2023/06/15 15:28:49 Setting subprocess env: AWS_REGION=eu-west-1, AWS_DEFAULT_REGION=eu-west-1
As workaround AWS_VAULT_FILE_PASSPHRASE="" aws-vault --backend=file exec profile -- thing
can be used.