v6 milestone
Added
- Support for AWS SSO #549 docs
- Support for Yubikey TOTP #558 docs
- A shell script for adding a Yubikey to IAM #559
- aws-vault exec --ecs-server starts an ECS credential server offering many advantages over the EC2 metadata server #556 #375 docs
- Debug http logging for the server #330
- Support for setting the secret service collection with --secret-service-collection #539
- Support for assume roles using OpenID Connect tokens #587
- A native windows prompt wincredui #613
- A pass MFA provider that reads from pass otp #640
- aws-vault proxy --stop will stop the ec2 server proxy and remove the network alias. Fixes #548, #360
- A new command aws-vault clear [<profile>] to remove short-term session credentials and OIDC tokens #644 #591 #412
- The environment variable AWS_MIN_TTL will enforce a minimum expiry time on credentials #646
Fixed
- Ensure all error messages go to stderr #565
- Using a key with a slash with the file backend https://github.com/99designs/keyring/pull/69
- Login hang when using an unknown profile #575 #545
- Shell completion issues #408, #576
- Parse Windows netsh error messages in German #610
- The aws-vault executable location should now be detected correctly in more instances. Fixes #596
- Use the expiry window when retrieving credentials from the key store to enforce a minimum expiry time #608
Changed
- Config variable parent_profile renamed to include_profile. The old parent_profile still works for backwards compatibility #520 #560 docs
- Credentials created with AssumeRole and MFA are now cached #569 (Fixes #552, #532, #525)
- Profile names are now case-sensitive #570 #528 7262236
- The proxy command is now aws-vault proxy. This command is not user facing, but the old server subcommand still works just in case for backwards compatibility #627
- When secret keys are added with aws-vault add, the secret is no longer echoed back into the terminal #625
- The --sessions-only flag has been deprecated from the remove command in favour of aws-vault clear. The old flag still works for backwards compatibility