Store your AWS keys in your Keychain.

So you're on your MacBook, and you want to run some AWS utility, or reference your AWS keys in your code. Of course, you could wire them into the environment, with something like:

export AWS_ACCESS_KEY_ID=my-aws-key
export AWS_SECRET_ACCESS_KEY=my-super-secret-key

But you're security-conscious, and you don't want to do that. Enter the power of the macOS Keychain: you can run a command to look up the keys from the Keychain.

First, add both the AWS key and the AWS secret to the keychain, as Passwords:

  • For the AWS key, use "AWS" as the name, "AWS_KEY" as the account, and put the key in the password.
  • For the AWS secret key, use "AWS" as the name, "AWS_SECRET_KEY" as the account, and put the secret key in the password.

Now define an alias in your .bash_profile:

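alias with_aws='env AWS_ACCESS_KEY_ID="$(security find-generic-password -a AWS_KEY -w)" AWS_SECRET_ACCESS_KEY="$(security find-generic-password -a AWS_SECRET_KEY -w)" bash -c'

This alias lets you run any bash command in a subshell with those environment variables set, and when the command ends, the subshell exits and the values are forgotten. Because the alias ends in bash -c, the command has to be passed as a single quoted string; any further unquoted words become positional parameters of that shell rather than arguments to the command.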

To just run a subshell with the environment variables set, use with_aws bash.
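
A function version of the same idea, as an added example that is not part of the original post: it passes the command's arguments through unchanged and refuses to run the command if either Keychain lookup fails. It assumes the two Keychain items described above (accounts AWS_KEY and AWS_SECRET_KEY); the error messages and exit codes are this example's own choices.

```shell
# Added example (not from the original post).
# Assumes Keychain items with accounts AWS_KEY and AWS_SECRET_KEY exist.
with_aws() (
    # The ( ... ) body runs in a subshell, so nothing exported here
    # is left behind in the calling shell.
    if [ "$#" -eq 0 ]; then
        echo "usage: with_aws command [args...]" >&2
        exit 64
    fi

    # Fail closed: if a lookup fails (item missing, keychain locked,
    # access denied), stop instead of running the command with empty
    # or partial credentials.
    key=$(security find-generic-password -a AWS_KEY -w) || {
        echo "with_aws: Keychain lookup failed for account AWS_KEY" >&2
        exit 1
    }
    secret=$(security find-generic-password -a AWS_SECRET_KEY -w) || {
        echo "with_aws: Keychain lookup failed for account AWS_SECRET_KEY" >&2
        exit 1
    }

    # Export only inside the subshell, then replace it with the command.
    # "$@" keeps each argument intact, so no extra quoting layer is needed.
    export AWS_ACCESS_KEY_ID="$key" AWS_SECRET_ACCESS_KEY="$secret"
    exec "$@"
)
```

Use it in .bash_profile in place of the alias (an alias of the same name would take precedence in an interactive shell).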

If you'd rather have the variables defined for any bash session (which is not that secure, but it's your call), then add this to your .bash_profile:

export AWS_ACCESS_KEY_ID=$(security find-generic-password -a AWS_KEY -w)
export AWS_SECRET_ACCESS_KEY=$(security find-generic-password -a AWS_SECRET_KEY -w)
