April 2, 2025
Question

CLI key rotation for team members


Hi there, 

I was looking for a solution on how to decrease the workload of rotating AWS CLI keys and distributing the individual keys to the team members.

I know that AWS Identity Center could solve this, but this has some dependencies on our side to get there.

Now here is what I was searching for but did not find a solution:
I want to distribute a new CLI key to a developer. Sure, I can create 25 vaults, one for each developer, and place the new key into such a vault, but this is not scalable.
Ultimately I have one vault and, for each developer, the CLI key. I would replace the existing key and secret with the new one when it is about time to rotate.
The advantage I see here is that the developer would not even change her/his workflow, since the item ID would remain the same and she/he would be able to keep on using the same item ID in the IDE.

But maybe I missed something about how to solve this, but I was not finding any solution when searching for it.
Looking forward to understanding how others are solving it!

1 reply

phildmno
April 8, 2025

Just so I understand, you want to have a separate key for each dev, but keep them all colocated in the same vault?