Skip to content

Instantly share code, notes, and snippets.

@salomvary
Created April 15, 2020 09:58
Show Gist options
  • Save salomvary/9da505866e157c11a728e9aa4674955e to your computer and use it in GitHub Desktop.
Save salomvary/9da505866e157c11a728e9aa4674955e to your computer and use it in GitHub Desktop.
#!/bin/sh
# Usage:
#
# - Install jq: https://stedolan.github.io/jq/
# - Add this script to your path, eg. to /usr/local/bin
# - Add AWS access key id and secret access key to LastPass
# named "AWS Credentials for my-profile profile"
# - Add "credential_process = awscreds-lpass my-profile" to
# the respective profile in ~/.aws/config
# - Make sure you don't have credentials left in ~/.aws/credentials
#
# Original inspiration:
# https://paulgalow.com/securing-aws-credentials-macos-lastpass
set -euf
readonly profile=${1:-default}
readonly lastPassEntry="AWS Credentials for $profile profile"
>&2 echo "Fetching '${lastPassEntry}' from LastPass"
readonly accessKeyId=$(lpass show --username "$lastPassEntry")
readonly secretAccessKey=$(lpass show --password "$lastPassEntry")
if [ ! "$accessKeyId" ] || [ ! "$secretAccessKey" ]; then
>&2 echo "Could not get credentials from LastPass"
exit 1
fi
# Create JSON object that AWS CLI expects
jq -n \
--arg accessKeyId "$accessKeyId" \
--arg secretAccessKey "$secretAccessKey" \
'.Version = 1
| .AccessKeyId = $accessKeyId
| .SecretAccessKey = $secretAccessKey'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment