99designs / aws-vault

A vault for securely storing and accessing AWS credentials in development environments

SecretService backend - prompts for new secrets' DB while using KeepassXC

WojciechRydel opened this issue

  • I am using the latest release of AWS Vault
  • I have provided my .aws/config (redacted if necessary)
  • I have provided the debug output using aws-vault --debug (redacted if necessary)

aws-vault --debug output

2023/05/30 11:33:53 aws-vault v7.2.0
2023/05/30 11:33:53 Using prompt driver: zenity
2023/05/30 11:33:53 Using AWS_CONFIG_FILE value: /xx/.config/aws/config
2023/05/30 11:33:53 Loading config file /home/voytech/.config/aws/config
2023/05/30 11:33:53 Parsing config file /home/voytech/.config/aws/config
2023/05/30 11:33:53 [keyring] Considering backends: [secret-service]
2023/05/30 11:33:53 Profile 'default' missing in config file
2023/05/30 11:33:53 profile xxx: using SSO role credentials
2023/05/30 11:33:53 Setting subprocess env: AWS_REGION=eu-west-1, AWS_DEFAULT_REGION=eu-west-1
2023/05/30 11:33:54 Created new OIDC client (expires at: 2023-08-28 11:33:54 +0200 CEST)
2023/05/30 11:33:54 Created OIDC device code for https://xx.awsapps.com/start (expires in: 600s)
2023/05/30 11:33:54 Opening SSO authorization page in browser
Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
https://device.sso.eu-west-1.amazonaws.com/?user_code=xxx
2023/05/30 11:34:00 Created new OIDC access token for https://xx.awsapps.com/start (expires in: 28581s)

I am using KeePassXC as the SecretService under the hood. Every execution of e.g. secret-tool lookup xx yy calls KeePassXC to retrieve the secret.

When I configure aws-vault to use SecretService as its backend, each time I want to store some value, I am prompted to create a new KeePassXC database.

Same problem here.

aws-vault --debug exec profile -- thing
2023/06/15 15:28:49 aws-vault v7.2.0
2023/06/15 15:28:49 Using prompt driver: terminal
2023/06/15 15:28:49 Loading config file /home/me/.aws/config
2023/06/15 15:28:49 Parsing config file /home/me/.aws/config
2023/06/15 15:28:49 [keyring] Considering backends: [secret-service]
2023/06/15 15:28:49 profile profile: using credential process
2023/06/15 15:28:49 Setting subprocess env: AWS_REGION=eu-west-1, AWS_DEFAULT_REGION=eu-west-1

As a workaround, AWS_VAULT_FILE_PASSPHRASE="" aws-vault --backend=file exec profile -- thing can be used.