cyberduck icon indicating copy to clipboard operation
cyberduck copied to clipboard

Published 20 hours ago verified publisher icon iterate-ch

Support credentials_process in ~/.aws/credentials profile

Open cyberduck opened this issue 3 years ago • 3 comments

e03e1c6 created the issue

I hope the summary is almost self-explanatory. current .cyberduck profile for s3 ~/.aws/credentials does not seem to support the standard credentials_process directive. Only access_key, secret, and session token. Please enhance to support credentials_process.

cyberduck avatar May 10 '21 01:05 cyberduck

@dkocher commented

iterate-ch/cyberduck#11909 closed as duplicate.

cyberduck avatar Nov 25 '21 15:11 cyberduck

Hello there, for enterprise customers it would be awesome if the additional directives could be implemented. We are using aws-vault for obtaining credentials from the system keychain using the credential_process directive in .aws/config so that we can have a single point of truth for all credentials that is well guarded. This works very smoothly on the command line (and supports macOS keychain, Windows credential manager, and multiple Linux keychains), and even has support for MFA, temporar roles and so forth. It's the bee's knees.

Would it be possible to support credential_process to query credentials for Cyberduck?

schelhorn avatar May 12 '22 15:05 schelhorn

credentials_process would also support the new IAM Roles Anywhere feature, which uses certificates to avoid storing non-expiring credentials on hosts outside AWS.

vdm avatar Jul 15 '22 17:07 vdm

We really have a great need for this feature. We are moving to using AWS IAM Identity Center (formerly AWS SSO) credentials for all human access to our AWS environment. However, there is no way to seamlessly use this with Cyberduck without requiring users to run multiple AWS CLI commands. We have non-technical users who use Cyberduck to access S3, and this is a non-starter to expect of them.

Ideally Cyberduck would just support AWS SSO natively using underlying AWS SDK, but until then, at least support credential_process would go a long way.

blytheaw avatar Mar 15 '23 15:03 blytheaw

We really have a great need for this feature. We are moving to using AWS IAM Identity Center (formerly AWS SSO) credentials for all human access to our AWS environment. However, there is no way to seamlessly use this with Cyberduck without requiring users to run multiple AWS CLI commands. We have non-technical users who use Cyberduck to access S3, and this is a non-starter to expect of them.

Ideally Cyberduck would just support AWS SSO natively using underlying AWS SDK, but until then, at least support credential_process would go a long way.

PRs are more than welcome.

dkocher avatar Mar 15 '23 15:03 dkocher

@blytheaw you should only need to run one command, aws configure sso. Relevant: https://github.com/iterate-ch/docs/issues/414

Almenon avatar Sep 01 '23 18:09 Almenon