zsh-aws-vault
oh-my-zsh plugin for aws-vault
Installation
oh-my-zsh
This plugin is intended to be used with oh-my-zsh
$ cd ~/.oh-my-zsh/custom/plugins(you may have to create the folder)$ git clone https://github.com/blimmer/zsh-aws-vault.git- In your .zshrc, add
zsh-aws-vaultto your oh-my-zsh plugins:
plugins=(
git
ruby
zsh-aws-vault
)
zgen
- add
zgen load blimmer/zsh-aws-vaultto your '!saved/save' block zgen update
Features
This plugin is pretty simple - it provides:
- aliases
- prompt segment
Aliases
| Alias | Expression |
|---|---|
| av | aws-vault |
| ave | aws-vault exec |
| avl | aws-vault login |
| avll | aws-vault login -s |
| avli | aws-vault login in private browsing window |
| avs | aws-vault server |
| avsh | aws-vault exec $1 -- zsh |
| avp | list aws config / role ARNs |
avli
Login in Private Browsing Window
This alias is currently only supported in OSX and Linux.
This alias will open a new browser window after getting the temporary login URL for your profile.
You can specify a specific browser to handle your login URL by setting AWS_VAULT_PL_BROWSER to the bundle name of the
browser. By default, it will pick your default URL handler in MacOS. It supports the following browsers:
AWS_VAULT_PL_BROWSER value |
Browser | Description |
|---|---|---|
org.mozilla.firefox |
Firefox | Creates and/or opens a profile with the same name as your aws-vault profile. This allows for multiple profiles to be open simultaneously. |
org.mozilla.firefoxdeveloperedition |
Firefox Developer Edition | Creates and/or opens a profile with the same name as your aws-vault profile. This allows for multiple profiles to be open simultaneously. |
com.google.chrome |
Chrome | Opens a new private browsing window for the session. This allows for multiple profiles to be open simultaneously. |
com.brave.Browser |
Brave | Opens a new private browsing window for the session. This allows for multiple profiles to be open simultaneously. |
avsh
Create a shell for a given profile.
For example, place the relevant AWS environment variables for your default profile by running:
avsh default
Prompt Segment
This prompt segment echos out the current aws-vault profile you're logged into. I use this for adding a segment into my custom agnoster theme.
For instance, this code:
prompt_aws_vault() {
local vault_segment
vault_segment="`prompt_aws_vault_segment`"
[[ $vault_segment != '' ]] && prompt_segment cyan black "$vault_segment"
}
Produces this segment in my prompt:
The instructions to customize the prompt vary based on the theme you use. In some cases, you'll need to create a copy of the theme file and edit it to include the prompt segment. You can check out my custom agnoster theme to see how I updated the prompt.
Prompt Customization
You can customize the prompt segment behavior by overriding these variables:
| Variable Name | Default | Description |
|---|---|---|
AWS_VAULT_PL_CHAR |
☁ | The character to display when logged into an aws-vault profile |
AWS_VAULT_PL_DEFAULT_PROFILE |
default | Only show the character when logged into this profile, not the profile name |
Multi Factor Authentication (MFA)
You can override the default MFA prompt by adding the AWS_VAULT_PL_MFA environment variable.
AWS_VAULT_PL_MFA value |
Description | Example |
|---|---|---|
| inline | Enter your MFA token as an additional argument to the command. | avsh default 123456avli default 123456 |
| yubikey | Generate an MFA token from your Yubikey. See the docs for more information. | avsh defaultavsh default my-yubikey-profileavli defaultavli default my-yubikey-profile |