github 99designs/aws-vault v7.0.0

latest releases: v7.2.0, v7.2.0-beta2, v7.2.0-beta1...
20 months ago

Added

Changed

  • Simplify creation of temporary creds by @mtibben in #1120
  • Update Documentation to reflect new Multi-MFA per IAM User functionality on AWS. by @LouisTsiattalou in
    #1101
  • Remove support for parent_profile, deprecated in v5 by @mtibben in #1131
  • When using a subshell, add some help messages to minimise confusion and improve DX by @mtibben in #1136
  • Disable subshell help messages with AWS_VAULT_DISABLE_HELP_MESSAGE=1 by @mtibben in #1165
  • Make --ecs-server the default server implementation by @mtibben in #1137
  • Automatically select the best prompt driver by @mtibben in #1138
  • Remove use of old env vars by @mtibben in #1143 #1147
  • Fix prompts required in non-tty processes by @mtibben in #1149
  • Use go 1.20 by @mtibben in #1158
  • Support execve syscall on all OSs that can by @mtibben in #1166
  • Shut down ec2 proxy automatically by @mtibben in #1167
  • Validate that configs don't have more than one source by @mtibben in #1171

Backwards-compatibility breaks

  • --prompt=passotp is no longer supported. Instead, use mfa_process = pass otp my_aws_mfa in your config file
  • parent_profile in the aws config file is no longer supported. Use include_profile instead
  • --server now executes a ECS metadata server instead of a EC2 metadata server. To continue using the EC2 metadata server, use --ec2-server instead. Use aws-vault proxy --stop if you need to stop processes from old aws-vault versions
  • When using aws-vault exec the following old env vars are no longer set. If you use any of these env vars, use the more standard alternative
    • AWS_SECURITY_TOKEN (use AWS_SESSION_TOKEN instead)
    • AWS_SESSION_EXPIRATION (use AWS_CREDENTIAL_EXPIRATION instead)
  • aws-vault exec --json flag is deprecated and will be removed in a future release. Use aws-vault export --format=json instead.
  • Ambiguous profile configs that specify multiple credential sources are no longer allowed
  • If you use a profile config that uses a self-referential credential_process, you will end up with an infinite loop as v7 now recognises credential_process as a valid credential source. The solution is to create a new profile for the credentials. For example:
    [profile admin]
    credential_process = aws-vault exec -j admin
    should instead become
    [profile admin]
    
    [profile admin-session]
    credential_process = aws-vault exec -j admin

New Contributors

Full Changelog: v6.6.2...v7.0.0

Don't miss a new aws-vault release

NewReleases is sending notifications on new releases.