Forum Discussion
Bug - CLI - AWS Plugin MFA Failing
Hi there,
I seem to be experiencing an issue with the CLI and AWS plugin where I select my credentials and try to run an aws command and I get the following error:
[ERROR] 2023/07/26 22:11:39 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file
I tried to do some debugging so I ran the command in debug mode and without cache:
1) Debug Mode
op plugin run --debug -- aws ls s3
Output
10:05PM | DEBUG | Session delegation enabled
10:05PM | DEBUG | NM request: NmRequestAccounts
10:05PM | DEBUG | NM response: Success
10:05PM | DEBUG | NM request: NmRequestAccounts
10:05PM | DEBUG | NM response: Success
10:06PM | DEBUG | InitDefaultCache: successfully initialized cache
10:06PM | DEBUG | EncryptedKeysets: Cache hit on keyset
10:06PM | DEBUG | Vault: cache hit on vault XXXXXXXXXX
10:06PM | DEBUG | VaultItems: cache hit on vault items of vault XXXXXXXXXX
10:06PM | DEBUG | Item: VaultItems cache hit for vault XXXXXXXXXX - validating staleness using item version
10:06PM | DEBUG | Item: cache hit on item YYYYYYYYYY of vault XXXXXXXXXX
[ERROR] 2023/07/26 22:06:01 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file
2) No Cache
op plugin run --debug --cache=false -- aws ls s3
Output
10:06PM | DEBUG | Session delegation enabled
10:06PM | DEBUG | NM request: NmRequestAccounts
10:06PM | DEBUG | NM response: Success
10:06PM | DEBUG | NM request: NmRequestAccounts
10:06PM | DEBUG | NM response: Success
[ERROR] 2023/07/26 22:06:40 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file
This seems to be a recent issue as it was working with my credentials before. I have looked at similar issues on the forum but none seem to have points on how to resolve it. A few extra troubleshooting points:
- I did have a YubiKey attached but I've removed that to ensure it's not the problem.
- I generated a new client access key and secret to ensure it's not that as a problem.
- I've verified that the MFA serial entry is correct in the 1Password credential.
- I have specified the default region in the 1Password credential.
- I've removed the ~/.aws/credentials file as per the instructions on setting up the 1Password CLI plugin.
- I am able to login with the MFA code, it's how I login to AWS through the console frontend.
- My CLI is version 2.19.0 and I use ZSH
Any assistance here would be much appreciated!
1Password Version: 8.10.9
Extension Version: 2.13.0
OS Version: Fedora 38
Browser: Brave
9 Replies
- tonkku107Occasional Contributor
I updated the PKGBUILD to 8.6.0-26 manually and it does work now.
Though there is now 2 popups you have to go through which isn't that nice... - tonkku107Occasional Contributor
It seems the latest version hasn't been updated in the AUR which is why I don't have it.
- tonkku107Occasional Contributor
I am still seeing fingerprints instead of names after toggling the agent off and on with the show names option enabled.
- K_J__1P
1Password Team
Sorry for my misunderstanding! If you disable the agent and re-enable it, does the problem persist? Thanks!
- tonkku107Occasional Contributor
The option is enabled but has no effect. I am talking about the option specifically still showing the fingerprint instead of the name.
- K_J__1P
1Password Team
Thanks for trying out the beta! When enabling the SSH agent, there is a separate option for using the item name instead of the fingerprint. 1Password provides this as a separate option because it requires that the item name be stored unencrypted on disk.
Let me know if this works for you!