Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

set AWS_SESSION_TOKEN #461

Open
cellulosa opened this issue May 1, 2024 · 2 comments
Open

set AWS_SESSION_TOKEN #461

cellulosa opened this issue May 1, 2024 · 2 comments
Labels
op-cli Functionality to be implemented in 1Password CLI. Needs to be done by 1Password Developers.

Comments

@cellulosa
Copy link

op CLI version

2.28.0

Goal or desired behavior

The plugin allows setting multi-factor authentication. I am using an enterprise account without the IAM privileges. I login via OKTA and am presented with the following access details after login:

AWS_ACCESS_KEY_ID=""
AWS_SECRET_ACCESS_KEY=""
AWS_SESSION_TOKEN=""

Current behavior

Currently I can update the access key id and secret access key fields on 1password:

Screenshot 2024-05-01 at 15 17 22

However, I am unable to provide the AWS_SESSION_TOKEN value. Therefore, to be able to login, I have to expose the password via variable definition in the terminal before calling any aws command:

export AWS_SESSION_TOKEN=""
aws s3 ls

Would it be possible to be able to set such variable in the relevant 1password item? Or how would do you recommend approaching this?

Relevant log output

If I don't provide the AWS_SESSION_TOKEN inline, I get the following error:


An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records.
@cellulosa cellulosa added the op-cli Functionality to be implemented in 1Password CLI. Needs to be done by 1Password Developers. label May 1, 2024
@daeho-ro
Copy link

I think you are logged in through the SSO and IAM Center, so it is not the case supported by 1password yet?

@eruvanos
Copy link

Would be great if the plugin could just set session token env var if it exists in the item.
That would support the case with ease.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
op-cli Functionality to be implemented in 1Password CLI. Needs to be done by 1Password Developers.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cellulosa @eruvanos @daeho-ro