99designs/aws-vault v6.0.0-beta11

on GitHub

Added

• Support for AWS SSO #549 docs
  
• Support for Yubikey TOTP #558 docs
  
• A shell script for adding a Yubikey to IAM #559
  
• aws-vault exec --ecs-server starts an ECS credential server offering many advantages over the EC2 metadata server #556 #375 docs
  
• Debug http logging for the server #330
  
• Support for setting the secret service collection with --secret-service-collection #539
  
• Support for assume roles using OpenID Connect tokens #587
  
• A native windows prompt wincredui #613
  
• A pass MFA provider that reads from pass otp #640
  
• aws-vault proxy --stop will stop the ec2 server proxy and remove the network alias. Fixes #548, #360
  
• A new command aws-vault clear [<profile>] to remove short-term session credentials and OIDC tokens
  

Fixed

• Ensure all error messages go to stderr #565
  
• Using a key with a slash with the file backend https://github.com/99designs/keyring/pull/69
  
• Login hang when using an unknown profile #575 #545
  
• Shell completion issues #408, #576
  
• Parse Windows netsh error messages in German #610
  
• The aws-vault executable location should now be detected correctly in more instances. Fixes #596
  

Changed

• Config variable parent_profile renamed to include_profile. The old parent_profile still works for backwards compatibility #520 #560 docs
  
• Credentials created with AssumeRole and MFA are now cached #569 (Fixes #552, #532, #525)
  
• Profile names are now case-sensitive #570 #528 7262236
  
• The proxy command is now aws-vault proxy. This command is not user facing, but the old server subcommand still works just in case for backwards compatibility #627
  
• When secret keys are added with aws-vault add, the secret is no longer echoed back into the terminal #625
  
• The --sessions-only flag has been deprecated from the remove command in favour of aws-vault clear. The old flag still works for backwards compatibility