
User-friendly handling of expired sessions

Open holyjak opened this issue 6 years ago • 1 comments

I often have the shell open for quite a while, e.g. while developing my Terraform setup, and running commands against AWS. Then suddenly they start to time out / fail in weird ways and I have to remember that the token has likely expired and to quit & restart vaulted. The main pain point here is the realization that the session has expired.

Possible solutions:

  1. Vaulted automatically detects that the token has expired and prints a warning about it
  2. As 1. but vaulted does also exit the current shell so that it is ready to be started again
  3. As 1. but provide a command to refresh the session (ask for psw, MFA token again if necessary, replace the AWS env vars with new ones)
  4. Perhaps refresh the session automatically?
  5. ...

What do you think?

(Perhaps somewhat related to #107 ?)

holyjak, Nov 22 '18 12:11

I run into this issue multiple times a day and there are a couple of things to note.

  1. Vaulted just runs and spawns the shell and then is done.
  2. In order for it to detect anything you would need to keep a background process running that is aware of the sessions that are open.
  3. You can't request a new token from a spawned session.
  4. The background service would need to reach into a spawned session in order to request a new MFA token or vaulted would have to have support built-in for various MFA solutions to automatically pull a token value.

These are all really huge problems to solve for something that is fairly straightforward and quite good at what it does. I use a shell plugin to report back how much time is left in my session and it does a pretty good job of keeping me from running commands that I know are going to fail. Green means go(ish) and red means stop, exit, vaulted shell blahblah, etc:

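```zsh
function vaulted_prompt_info() {
  local vaulted_env="$VAULTED_ENV"
  local bg_color="green"

  # Only draw the segment inside a vaulted-spawned shell
  if [[ -n $vaulted_env ]]; then
    # Minutes until the session expires; negative once it has expired
    local ttl
    ttl=$(datediff now "$VAULTED_ENV_EXPIRATION" -f %M)
    [[ $ttl -lt 0 ]] && bg_color="red"
    # prompt_segment / prompt_end are provided by the prompt theme
    prompt_segment "$bg_color" black "(vs: $vaulted_env $ttl)"
    prompt_end
  fi
}
```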

tthayer, Nov 11 '20 19:11
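
Option 1 from the issue (warn when the session has expired) can be approximated without a background process by checking `VAULTED_ENV_EXPIRATION` right before a command runs. The following is an added example, not code from either commenter or from vaulted; `rfc3339_to_epoch`, `vaulted_ttl_seconds`, `vaulted_guard` and `VAULTED_GUARD_MIN_TTL` are hypothetical names, and it assumes the expiration is an RFC 3339 UTC timestamp ending in `Z`.

```sh
# Added example, not vaulted's own code. Assumes VAULTED_ENV_EXPIRATION is an
# RFC 3339 UTC timestamp such as 2018-11-22T12:11:00Z (constructed sample value).

# Print the Unix epoch seconds for a strict "YYYY-MM-DDThh:mm:ssZ" timestamp.
rfc3339_to_epoch() (
  ts=$1
  case $ts in
    [12][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]T[0-2][0-9]:[0-5][0-9]:[0-5][0-9]Z) ;;
    *) exit 1 ;;  # reject offsets, fractions and garbage rather than guess
  esac
  y=${ts%%-*}; r=${ts#*-}
  m=${r%%-*}; r=${r#*-}
  d=${r%%T*}; r=${r#*T}
  H=${r%%:*}; r=${r#*:}
  M=${r%%:*}; S=${r#*:}; S=${S%Z}
  # Drop one leading zero so "08" is not parsed as invalid octal
  m=${m#0}; d=${d#0}; H=${H#0}; M=${M#0}; S=${S#0}
  # Days-from-civil arithmetic: treat the year as starting in March
  y=$(( y - (m <= 2) ))
  mp=$(( m > 2 ? m - 3 : m + 9 ))
  doy=$(( (153 * mp + 2) / 5 + d - 1 ))
  yoe=$(( y % 400 ))
  days=$(( (y / 400) * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
  echo $(( days * 86400 + H * 3600 + M * 60 + S ))
)

# Print seconds left in the session (negative once expired).
# Exit status: 2 = not in a vaulted shell, 1 = unparseable expiration.
vaulted_ttl_seconds() (
  [ -n "${VAULTED_ENV:-}" ] || exit 2
  exp=$(rfc3339_to_epoch "${VAULTED_ENV_EXPIRATION:-}") || exit 1
  echo $(( exp - ${1:-$(date +%s)} ))  # $1 overrides "now" for testing
)

# Run "$@" only if at least VAULTED_GUARD_MIN_TTL seconds (default 60) remain.
vaulted_guard() {
  _vg_ttl=$(vaulted_ttl_seconds) || {
    echo "vaulted: no usable session expiration in this shell" >&2; return 1; }
  if [ "$_vg_ttl" -lt "${VAULTED_GUARD_MIN_TTL:-60}" ]; then
    echo "vaulted: '$VAULTED_ENV' has ${_vg_ttl}s left; exit and run vaulted again" >&2
    return 1
  fi
  "$@"
}
```

Calling `vaulted_guard terraform plan` then fails fast with a message instead of timing out against AWS.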