Added
- Handle
[sso-session]
section by @dima-vm in #1088 - Add support for
credential_process
by @jmczerk in #1087
#1122 - Add
mfa_process
config by @mtibben in #1123 - Support aws-cli's
AWS_CREDENTIAL_EXPIRATION
by @mtibben in #1124 - Add
aws-vault export
cmd by @mtibben in #1135 #1146 - Allow login with master creds in environment by @mtibben in #1150
- Support
login
from profile withcredential_process
by @christophgysin in #1168
Changed
- Simplify creation of temporary creds by @mtibben in #1120
- Update Documentation to reflect new Multi-MFA per IAM User functionality on AWS. by @LouisTsiattalou in
#1101 - Remove support for
parent_profile
, deprecated in v5 by @mtibben in #1131 - When using a subshell, add some help messages to minimise confusion and improve DX by @mtibben in #1136
- Disable subshell help messages with
AWS_VAULT_DISABLE_HELP_MESSAGE=1
by @mtibben in #1165 - Make
--ecs-server
the default server implementation by @mtibben in #1137 - Automatically select the best prompt driver by @mtibben in #1138
- Remove use of old env vars by @mtibben in #1143 #1147
- Fix prompts required in non-tty processes by @mtibben in #1149
- Use go 1.20 by @mtibben in #1158
- Support execve syscall on all OSs that can by @mtibben in #1166
- Shut down ec2 proxy automatically by @mtibben in #1167
- Validate that configs don't have more than one source by @mtibben in #1171
Backwards-compatibility breaks
--prompt=passotp
is no longer supported. Instead, usemfa_process = pass otp my_aws_mfa
in your config fileparent_profile
in the aws config file is no longer supported. Useinclude_profile
instead--server
now executes a ECS metadata server instead of a EC2 metadata server. To continue using the EC2 metadata server, use--ec2-server
instead. Useaws-vault proxy --stop
if you need to stop processes from old aws-vault versions- When using
aws-vault exec
the following old env vars are no longer set. If you use any of these env vars, use the more standard alternativeAWS_SECURITY_TOKEN
(useAWS_SESSION_TOKEN
instead)AWS_SESSION_EXPIRATION
(useAWS_CREDENTIAL_EXPIRATION
instead)
aws-vault exec --json
flag is deprecated and will be removed in a future release. Useaws-vault export --format=json
instead.- Ambiguous profile configs that specify multiple credential sources are no longer allowed
- If you use a profile config that uses a self-referential
credential_process
, you will end up with an infinite loop as v7 now recognisescredential_process
as a valid credential source. The solution is to create a new profile for the credentials. For example:should instead become[profile admin] credential_process = aws-vault exec -j admin
[profile admin] [profile admin-session] credential_process = aws-vault exec -j admin
New Contributors
- @dima-vm made their first contribution in #1088
- @LouisTsiattalou made their first contribution in #1101
- @jmczerk made their first contribution in #1087
- @christophgysin made their first contribution in #1168
Full Changelog: v6.6.2...v7.0.0