Linux command
aws-vault command
Security
This command has significant permission or system impact; verify the target before running it.
Common examples
Add
aws-vault add [profile-name]
Execute
aws-vault exec [profile-name] -- aws s3 ls
Login
aws-vault login [profile-name]
List
aws-vault list
Remove
aws-vault remove [profile-name]
Rotate
aws-vault rotate [profile-name]
Description
aws-vault securely stores and accesses AWS credentials using your operating system's keychain. It generates temporary credentials using STS, avoiding long-lived access keys in plain text files. The tool provides defense-in-depth security for AWS credentials and enables easy switching between multiple AWS accounts.
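To see which profiles still keep long-lived keys in a plain text file, the situation described above, the following added example (not part of aws-vault or the original page) audits a shared credentials file. It assumes the standard INI layout of `~/.aws/credentials` and the `AKIA` (long-term) and `ASIA` (temporary STS) key id prefixes; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an AWS shared credentials file for access keys kept
# in plain text. Assumption: AKIA = long-term IAM key, ASIA = temporary STS key.

# write_sample FILE: constructed sample input (placeholders, no real secrets).
write_sample() {
    cat > "$1" <<'EOF'
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = CONSTRUCTED-PLACEHOLDER
[ci]
aws_access_key_id = ASIACONSTRUCTEDSAMPLE
aws_secret_access_key = CONSTRUCTED-PLACEHOLDER
aws_session_token = CONSTRUCTED-PLACEHOLDER
EOF
}

# find_plaintext_keys FILE: print "<profile> <kind>" for each access key id.
find_plaintext_keys() {
    awk '
        # Section header such as [default] or [ci]: remember the profile name.
        /^[ \t]*\[.*\][ \t]*$/ {
            gsub(/^[ \t]*\[|\][ \t]*$/, "")
            profile = $0
            next
        }
        # Key id line: strip "name =" and classify the value by its prefix.
        /^[ \t]*aws_access_key_id[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t]+$/, "")
            if ($0 ~ /^AKIA/)      kind = "long-term"
            else if ($0 ~ /^ASIA/) kind = "temporary"
            else                   kind = "unknown"
            print profile, kind
        }
    ' "$1"
}

# count_long_term FILE: number of profiles holding long-lived keys.
count_long_term() {
    find_plaintext_keys "$1" | awk '$NF == "long-term" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; pass ~/.aws/credentials to audit a real file.
sample=$(mktemp)
write_sample "$sample"
find_plaintext_keys "$sample"
rm -f "$sample"
```

Profiles reported as `long-term` are the ones to store with `aws-vault add` and then delete from the plain text file.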
Parameters
- add _profile_: Add new credentials to keychain.
- exec _profile_ -- _command_: Execute command with temporary credentials.
- login _profile_: Open AWS Console in browser.
- list: List profiles and session status.
- remove _profile_: Remove credentials from keychain.
- rotate _profile_: Rotate access keys.
- export _profile_: Export credentials as environment variables.
- clear _profile_: Clear temporary credentials from the session store.
- --duration=_time_: Session duration (e.g., 12h, 1h30m).
- --mfa-token=_token_: MFA token code.
- --no-session: Use long-term credentials instead of creating an STS session.
- --server: Start a local EC2 metadata server instead of using environment variables.
- --backend=_backend_: Credential storage backend (keychain, kwallet, pass, secret-service, file).
FAQ
What is the aws-vault command used for?
aws-vault securely stores and accesses AWS credentials using your operating system's keychain. It generates temporary credentials using STS, avoiding long-lived access keys in plain text files. The tool provides defense-in-depth security for AWS credentials and enables easy switching between multiple AWS accounts.
How do I run a basic aws-vault example?
Run `aws-vault add [profile-name]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does add _profile_ do in aws-vault?
Add new credentials to keychain