Christophe Tafani-Dereeper

AWS SSO roles and accounts you have access to frequently change. I find myself having to manually juggle with my `.aws/config` a lot, and that's why people created tooling like...

I see it as: `aws-vault login`behavior should be the same, no matter where the credentials are coming from. The previous behavior for keychain credentials was: - If long-lived IAM credentials,...

@mtibben What do you think of the above? The argument here is to make sure the behavior of `aws-vault login` is the same when running it against a profile vs....

@mtibben Any thoughts? I heard back from folks that this is the behavior they would expect

Note that aws-login is _already_ [generating temporary credentials automatically](https://github.com/99designs/aws-vault/blob/master/cli/login.go#L106). The relevant existing parameters are: ``` $ aws-vault login --help usage: aws-vault login [] [] Generate a login link for the...

👋🏼 @mtibben Any feedback on the above! Looking forward to get this merged!

Seems what's challenging is that: - aws-vault depends on `github.com/99designs/keyring` to access the OS keyring in an OS-independent way - `github.com/99designs/keyring` depends on `github.com/99designs/go-keychain` to access the Mac OS keychain...

Note: _"export the required environment variables in the same shell"_ is actually not possible. Possibilities I see: 1. Spin up a new process - in this case the `refresh` command...

Here's the use-case more precisely: 1. Use `aws-vault exec my-role` to retrieve temporary STS credentials 2. Do some work 3. At some point, the credentials expire. But I don't want...

/remove-lifecycle stale