So you're on your Macbook, and you want to run some AWS utility, or reference your AWS keys in your code. Of course, you could wire them into the environment, with something like:
export AWS_ACCESS_KEY_ID=my-aws-key export AWS_SECRET_ACCESS_KEY=my-super-secret-key
But you're security-conscious, and you don't want to do that. Enter the power of the MacOS KeyChain: you can run a command to look up the keys from the KeyChain.
First, add both the AWS key and the AWS secret to the keychain, as Passwords:
- For the AWS key, use "AWS" as the name, "AWS_KEY" as the account, and put the key in the password.
- For the AWS secret key, use "AWS" as the name, "AWS_SECRET_KEY" as the account, and put the secret key in the password.
Now define an alias in your .bash_profile:
alias with_aws='env AWS_ACCESS_KEY_ID=$(security find-generic-password -a AWS_KEY -w) AWS_SECRET_ACCESS_KEY=$(security find-generic-password -a AWS_SECRET_KEY -w) bash -c'
This alias lets you run any bash command in a subshell with those environment variables set, and when the command ends, the subshell exits and the values are forgotten.
To just run a subshell with the environment variables set, use
If you'd rather have the variables defined for any bash session (which is not that secure, but it's your call), then add this to your .bash_profile:
export AWS_ACCESS_KEY_ID=$(security find-generic-password -a AWS_KEY -w)
export AWS_SECRET_ACCESS_KEY=$(security find-generic-password -a AWS_SECRET_KEY -w)