Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/sh
# Usage:
#
# - Install jq: https://stedolan.github.io/jq/
# - Add this script to your path, eg. to /usr/local/bin
# - Add AWS access key id and secret access key to LastPass
# named "AWS Credentials for my-profile profile"
# - Add "credential_process = awscreds-lpass my-profile" to
# the respective profile in ~/.aws/config
# - Make sure you don't have credentials left in ~/.aws/credentials
#
# Original inspiration:
# https://paulgalow.com/securing-aws-credentials-macos-lastpass
set -euf
readonly profile=${1:-default}
readonly lastPassEntry="AWS Credentials for $profile profile"
>&2 echo "Fetching '${lastPassEntry}' from LastPass"
readonly accessKeyId=$(lpass show --username "$lastPassEntry")
readonly secretAccessKey=$(lpass show --password "$lastPassEntry")
if [ ! "$accessKeyId" ] || [ ! "$secretAccessKey" ]; then
>&2 echo "Could not get credentials from LastPass"
exit 1
fi
# Create JSON object that AWS CLI expects
jq -n \
--arg accessKeyId "$accessKeyId" \
--arg secretAccessKey "$secretAccessKey" \
'.Version = 1
| .AccessKeyId = $accessKeyId
| .SecretAccessKey = $secretAccessKey'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.