AWS Session Token is not imported or exported

Question

In the documentation (https://developer.1password.com/docs/cli/shell-plugins/aws) is stated:

1Password CLI will then set the AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID and AWS_SESSION_TOKEN provisional environment variables to specify the temporary multi-factor authentication session values.

I'm using the CLI with AWS plugin:

➜ op --version
2.26.1

➜ aws --version
aws-cli/2.15.32 Python/3.11.8 Darwin/23.4.0 source/arm64 prompt/off

I added to ~/.aws/credentials a new record with AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID and AWS_SESSION_TOKEN then when I run op plugin init aws I can import this new record but the AWS_SESSION_TOKEN is ignored.

I tried adding the AWS_SESSION_TOKEN manually in the new vault item but does not work.

I know that the AWS_SESSION_TOKEN is the problem because if I export it manually in the terminal session then aws commands are successful.

What am I missing?

1Password Version: 8.10.28 (81028034)
Extension Version: 2.21.0
OS Version: Not Provided
Browser: Chrome

jerdew · Answer

This is also a problem I am having.  I followed https://developer.1password.com/docs/cli/shell-plugins/aws and I tried the recommended aws s3 ls and was told:

An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records.

If I export as env vars, it works.

Forum Discussion

AWS Session Token is not imported or exported

1 Reply

Recent Discussions

Console flooded with errors when clicking links during 1Password passkey selection dialog

WSL2 Arm Build

`op account add` with `Integrate with 1Password CLI`

1password doesn't seem to remember the key approval for JetBrains IDEA Ultimate

Use op on headless system with glab?