@nitrocode
Last active May 13, 2021 17:16
Launchd plist for aws-vault proxy for --server or metadata service

Potential plist for aws-vault --server

References

Setup

logging directories

sudo mkdir -p /var/log/aws_vault
sudo chown $(id -u):$(id -g) /var/log/aws_vault

plists

Download the proxy plist to /Library/LaunchDaemons as root (this works)

sudo wget \
  https://gist.githubusercontent.com/nitrocode/cd864db74a29ea52c7b36977573d01cb/raw/local.aws_vault_proxy.plist \
  -O /Library/LaunchDaemons/local.aws_vault_proxy.plist

Download the server plist to ~/Library/LaunchAgents (this is a WIP)

wget \
  https://gist.githubusercontent.com/nitrocode/cd864db74a29ea52c7b36977573d01cb/raw/local.aws_vault_server.plist \
  -O ~/Library/LaunchAgents/local.aws_vault_server.plist

Modify the plists to use your own SSO profiles

load

proxy

sudo launchctl load -w /Library/LaunchDaemons/local.aws_vault_proxy.plist

server (this still doesn't work correctly)

launchctl load -w ~/Library/LaunchAgents/local.aws_vault_server.plist
local.aws_vault_proxy.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>local.aws_vault_proxy</string>
    <key>EnvironmentVariables</key>
    <dict>
        <key>AWS_VAULT_PROMPT</key>
        <string>osascript</string>
        <key>AWS_VAULT_KEYCHAIN_NAME</key>
        <string>login</string>
    </dict>
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>/var/log/aws_vault/proxy.log</string>
    <key>StandardErrorPath</key>
    <string>/var/log/aws_vault/proxy.errors.log</string>
    <key>Program</key>
    <string>/usr/local/bin/aws-vault</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/aws-vault</string>
        <string>proxy</string>
    </array>
    <!-- keychain access -->
    <key>SessionCreate</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

local.aws_vault_server.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>local.aws_vault_server</string>
    <!--
    <key>EnvironmentVariables</key>
    <dict>
        <key>AWS_VAULT_PROMPT</key>
        <string>osascript</string>
        <key>AWS_VAULT_KEYCHAIN_NAME</key>
        <string>login</string>
    </dict>
    -->
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>/var/log/aws_vault/server.log</string>
    <key>StandardErrorPath</key>
    <string>/var/log/aws_vault/server.errors.log</string>
    <key>Program</key>
    <string>/usr/local/bin/aws-vault</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/aws-vault</string>
        <string>exec</string>
        <string>sso_engineer</string>
        <string>--server</string>
        <string>--no-daemonize</string> <!-- additional switch in pr -->
        <string>--debug</string>
    </array>
    <!-- do not add this as it will conflict with the --server -->
    <!--
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockNodeName</key>
            <string>127.0.0.1</string>
            <key>SockServiceName</key>
            <string>9099</string>
            <key>SockType</key>
            <string>stream</string>
            <key>SockProtocol</key>
            <string>TCP</string>
            <key>SockFamily</key>
            <string>IPv4</string>
        </dict>
    </dict>
    -->
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <!-- this prevents writing to the keychain -->
    <!--
    <key>SessionCreate</key>
    <true/>
    -->
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
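A small linter for the two plists above, added here as an example; it is not part of the gist or of aws-vault. It parses the plist with the standard-library plistlib and flags the pitfalls the gist runs into (a Sockets block next to `aws-vault exec --server`, and inetdCompatibility with no Sockets block for launchd to hand over) together with two general launchd facts: Program must agree with ProgramArguments[0], and a plist in /Library/LaunchDaemons runs as root unless it sets UserName. The `is_daemon` flag and the `lint_dict`/`lint_plist` names are this example's own; the embedded samples are trimmed, constructed copies of the gist's proxy and server plists.

```python
"""Lint launchd plists for the aws-vault proxy/server setup (added example)."""
import plistlib


def lint_dict(d: dict, is_daemon: bool) -> list[str]:
    """Return the problems found in a parsed launchd plist dictionary.

    is_daemon: True when the file is installed under /Library/LaunchDaemons
    (system daemon), False for a per-user LaunchAgents plist.
    """
    problems: list[str] = []
    args = d.get("ProgramArguments") or []
    prog = d.get("Program")

    if not d.get("Label"):
        problems.append("missing Label")
    if not prog and not args:
        problems.append("neither Program nor ProgramArguments is set")
    # launchd executes Program (if present) with argv taken from ProgramArguments,
    # so the two should name the same binary.
    if prog and args and args[0] != prog:
        problems.append(f"Program {prog} does not match ProgramArguments[0] {args[0]}")

    # Log paths are not shell-expanded by launchd; keep them absolute.
    for key in ("StandardOutPath", "StandardErrorPath"):
        path = d.get(key)
        if path and not path.startswith("/"):
            problems.append(f"{key} is not an absolute path: {path}")

    # The gist notes that a Sockets block conflicts with --server: aws-vault
    # binds its own listener, so launchd must not claim the port too.
    if "--server" in args and "Sockets" in d:
        problems.append("Sockets conflicts with --server: aws-vault binds its own listener")

    # inetdCompatibility asks launchd to pass an accepted connection to the
    # program; without a Sockets block there is no listener to accept on.
    if "inetdCompatibility" in d and "Sockets" not in d:
        problems.append("inetdCompatibility set without Sockets: launchd has nothing to hand over")

    # A system daemon runs as root unless the plist pins a UserName.
    if is_daemon and "UserName" not in d:
        problems.append("LaunchDaemon without UserName runs as root")

    # The gist's working proxy plist pairs the keychain name with SessionCreate.
    env = d.get("EnvironmentVariables") or {}
    if env.get("AWS_VAULT_KEYCHAIN_NAME") and not d.get("SessionCreate"):
        problems.append("AWS_VAULT_KEYCHAIN_NAME set but SessionCreate is not true")
    return problems


def lint_plist(data: bytes, is_daemon: bool) -> list[str]:
    """Parse XML plist bytes and lint the resulting dictionary."""
    return lint_dict(plistlib.loads(data), is_daemon)


# Constructed sample: trimmed copy of the gist's proxy plist (a LaunchDaemon).
PROXY_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>Label</key><string>local.aws_vault_proxy</string>
<key>EnvironmentVariables</key><dict>
<key>AWS_VAULT_PROMPT</key><string>osascript</string>
<key>AWS_VAULT_KEYCHAIN_NAME</key><string>login</string></dict>
<key>KeepAlive</key><true/>
<key>StandardOutPath</key><string>/var/log/aws_vault/proxy.log</string>
<key>StandardErrorPath</key><string>/var/log/aws_vault/proxy.errors.log</string>
<key>Program</key><string>/usr/local/bin/aws-vault</string>
<key>ProgramArguments</key><array>
<string>/usr/local/bin/aws-vault</string><string>proxy</string></array>
<key>SessionCreate</key><true/>
<key>RunAtLoad</key><true/>
</dict></plist>
"""

# Constructed sample: trimmed copy of the gist's WIP server plist (a LaunchAgent),
# with the Sockets and SessionCreate blocks left out as in the gist.
SERVER_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>Label</key><string>local.aws_vault_server</string>
<key>KeepAlive</key><true/>
<key>StandardOutPath</key><string>/var/log/aws_vault/server.log</string>
<key>StandardErrorPath</key><string>/var/log/aws_vault/server.errors.log</string>
<key>Program</key><string>/usr/local/bin/aws-vault</string>
<key>ProgramArguments</key><array>
<string>/usr/local/bin/aws-vault</string><string>exec</string><string>sso_engineer</string>
<string>--server</string><string>--no-daemonize</string><string>--debug</string></array>
<key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
<key>RunAtLoad</key><true/>
</dict></plist>
"""

if __name__ == "__main__":
    for name, data, daemon in (("proxy", PROXY_PLIST, True), ("server", SERVER_PLIST, False)):
        print(name, lint_plist(data, daemon) or ["ok"])
```

Run it as a script to lint the embedded samples, or call `lint_plist(open(path, "rb").read(), is_daemon=...)` on a real file; the root-user warning on the proxy daemon is the finding to act on before loading it with `sudo launchctl load`.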