Please contribute additional examples for your favored platform or password manager.
- Create password entry
security add-generic-password -a $OKTA_USERNAME -s okta-aws-cli -T /usr/bin/security -U
- Launch KeyChain Access and search for okta-aws-cli
- Set OKTA_PASSWORD_CMD to
security find-generic-password -a $OKTA_USERNAME -s okta-aws-cli -w
Example: GNU/Linux GNOME Keyring
- Check if you have installed the
secret-tool
command. In Debian is included in thelibsecret-tools
package, so you can install it withapt
:sudo apt install libsecret-tools
- Create a new entry in your Login Keyring (you will be asked for your password):
secret-tool store --label='Okta Credentials' okta:username $OKTA_USERNAME
- Set
OKTA_PASSWORD_CMD
to:secret-tool lookup okta:username $OKTA_USERNAME
- Type the following into a PowerShell command
(Get-Credential).password | ConvertFrom-SecureString | Set-Content "$env:USERPROFILE\.okta\.password"
- Type in your credentials into the resulting popup, PowerShell will encrypt your password using your user profile (Windows Data Protection API) and store it in a file named
.password
in$env:USERPROFILE\.okta\
- Set
OKTA_USERNAME
if it is not already set - Set
OKTA_PASSWORD_CMD
to:OKTA_PASSWORD_CMD=@echo off & for /f \"usebackq tokens=*\" %a in (`PowerShell -Command \"(New-Object System.Management.Automation.PSCredential ($env:UserName, (Get-Content $env:USERPROFILE\\.okta\\.password | ConvertTo-SecureString))).GetNetworkCredential().Password\"`) do echo %a
- Not recommended but if you're stuck/desperate it works
- Add a
echo "XXXX"
to the~/.okta/config.properties
file for your password
OKTA_PASSWORD_CMD=echo "mypassword"
- Install LassPass' CLI tool, lpass
- Store your password in LassPass, making note of the entries path in your hierarchy
- Create an entry in
~/.okta/config
OKTA_PASSWORD_CMD=lpass show --password mysite.com