So I moved blog hosts, and left Livejournal. This was not the result of some long soul-searching process, but the outcome of scratching one particular itch: I write posts that contain code or sometimes guitar tab and I was getting irritated with how complex Livejournal made it to do any sort of formatting.
Plus… I love markdown. You can get used to it very quickly when writing descriptions in github, and we use big, detailed markdown README files at Mobify. So I want that power when writing blogposts.
Plus… WordPress.com promised to import my old blog, comments and all.
The only downside is that some other Ben Last, somewhere in the world, has registered benlast.wordpress.com and put an empty, unused blog there, meaning that I can’t use that blog name. The name I used, Kajikazawa, is from a Hokusai picture, a copy of which I once owned, before I sold almost everything and moved to Canada. Let the new blog start be as cathartic as the new life start.
So you're on your Macbook, and you want to run some AWS utility, or reference your AWS keys in your code. Of course, you could wire them into the environment, with something like:
But you're security-conscious, and you don't want to do that. Enter the power of the MacOS KeyChain: you can run a command to look up the keys from the KeyChain.
First, add both the AWS key and the AWS secret to the keychain, as Passwords:
- For the AWS key, use "AWS" as the name, "AWS_KEY" as the account, and put the key in the password.
- For the AWS secret key, use "AWS" as the name, "AWS_SECRET_KEY" as the account, and put the secret key in the password.
Now define an alias in your .bash_profile:
alias with_aws='env AWS_ACCESS_KEY_ID=$(security find-generic-password -a AWS_KEY -w) AWS_SECRET_ACCESS_KEY=$(security find-generic-password -a AWS_SECRET_KEY -w) bash -c'
This alias lets you run any bash command in a subshell with those environment variables set, and when the command ends, the subshell exits and the values are forgotten.
To just run a subshell with the environment variables set, use
If you'd rather have the variables defined for any bash session (which is not that secure, but it's your call), then add this to your .bash_profile:
export AWS_ACCESS_KEY_ID=$(security find-generic-password -a AWS_KEY -w)
export AWS_SECRET_ACCESS_KEY=$(security find-generic-password -a AWS_SECRET_KEY -w)