shell-plugins icon indicating copy to clipboard operation
shell-plugins copied to clipboard
verified publisher icon 1Password

set AWS_SESSION_TOKEN

Open cellulosa opened this issue 1 year ago • 2 comments

op CLI version

2.28.0

Goal or desired behavior

The plugin allows setting multi-factor authentication. I am using an enterprise account without the IAM privileges. I login via OKTA and am presented with the following access details after login:

AWS_ACCESS_KEY_ID=""
AWS_SECRET_ACCESS_KEY=""
AWS_SESSION_TOKEN=""

Current behavior

Currently I can update the access key id and secret access key fields on 1password:

Screenshot 2024-05-01 at 15 17 22

However, I am unable to provide the AWS_SESSION_TOKEN value. Therefore, to be able to login, I have to expose the password via variable definition in the terminal before calling any aws command:

export AWS_SESSION_TOKEN=""
aws s3 ls

Would it be possible to be able to set such variable in the relevant 1password item? Or how would do you recommend approaching this?

Relevant log output

If I don't provide the AWS_SESSION_TOKEN inline, I get the following error:


An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records.

cellulosa avatar May 01 '24 14:05 cellulosa

I think you are logged in through the SSO and IAM Center, so it is not the case supported by 1password yet?

daeho-ro avatar Sep 19 '24 14:09 daeho-ro

Would be great if the plugin could just set session token env var if it exists in the item. That would support the case with ease.

eruvanos avatar Dec 12 '24 07:12 eruvanos