Former Member
3 years ago
How-to configure AWS config credential_process + op?
In CLIv1 I was able to use something like:
```
[profile default]
region=us-west-2
credential_process = sh -c "op --account kramer get item 'AWS Production' | jq '.details.sections[2].fields | map({(.t):.}) | add | {Version:1, AccessKeyId:.aws_access_key_id.v, SecretAccessKey:.aws_secret_access_key.v}'"
```
I can't seem to figure out the v2 version of that or how to use `credential_process` to retrieve credentials.
- Former Member
Hey @yodakramer ! Thank you for reaching out to us.
To zoom out a little, can you please let us know what the structure of your item is (with the sensitive values redacted, of course) and what the desired structure of the `credential_process` should be?
Looking forward to hearing from you.
Best,
Horia
- Former Member
Thanks. I have used the examples from this blog post, Storing AWS CLI Credentials in 1Password.
The output from `op` looks like this:
```
{
  "Version": 1,
  "AccessKeyId": "MYKEY",
  "SecretAccessKey": "MYSECRETKEY"
}
```
And the entry looks like this:
- Former Member
Ah, gotcha, thanks for clarifying! A more native way for achieving this in CLI2 would be along the lines of:
```
credential_process = "{ \"Version\": 1, \"AccessKeyId\": \"$(op read op://yourvault/aws/aws_access_key_id)\", \"SecretAccessKey\": \"$(op read op://yourvault/aws/aws_secret_access_key)\" }"
```
Let us know if this works for you, otherwise we can look into further options to adapt your v1 script.
Looking forward to hearing from you, and thank you, once again, for giving v2 a try! :D
Best,
Horia
- Former Member
I had to make changes to your version to match what `credential_process` expects.
```
credential_process = sh -c 'echo "{\n \"Version\": 1,\n \"AccessKeyId\": \"$(op read op://MyVault/aws-staging/CREDENTIALS/aws_access_key_id)\",\n \"SecretAccessKey\": \"$(op read op://MyVault/aws-staging/CREDENTIALS/aws_secret_access_key)\"\n}" '
```
The AWS CLI expects a multi-line JSON return, so I added `\n` where needed, and it needed to be exec'd with `-c` passed to the shell.
This works quite well now!
- Former Member
Glad you got it working!! Let us know if we can help with anything else.
Best,
Horia
- slamb
New Contributor
Here's an updated jq method, to launch op once:
```
credential_process = sh -c "op --account=... --vault=... item get --format=json --fields=label=AccessKeyId,label=SecretAccessKey ... | jq 'map({key: .label, value: .value}) | from_entries + {Version: 1}'"
```
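An added example, not part of any post in this thread and not 1Password's or AWS's own code: a small helper script that `credential_process` can call instead of an inline `sh -c` string, so the JSON is serialized by a library rather than assembled with escaped quotes. The two `op://` references are placeholders reused from the reply above, and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""credential_process helper: read an AWS key pair with `op read`, print the JSON the AWS CLI expects."""
import json
import subprocess
import sys

# Placeholder secret references (assumption): substitute your own vault/item/field.
ACCESS_KEY_REF = "op://yourvault/aws/aws_access_key_id"
SECRET_KEY_REF = "op://yourvault/aws/aws_secret_access_key"


def op_read(reference):
    """Return one field via `op read`; raises CalledProcessError if op fails."""
    result = subprocess.run(
        ["op", "read", reference],
        check=True, capture_output=True, text=True,
    )
    return result.stdout.rstrip("\n")


def build_credentials(read=op_read):
    """Build the credential_process document; `read` is injectable for testing."""
    access_key = read(ACCESS_KEY_REF)
    secret_key = read(SECRET_KEY_REF)
    if not access_key or not secret_key:
        raise ValueError("1Password returned an empty credential field")
    # json.dumps escapes quotes and backslashes that a hand-built echo string would not.
    return json.dumps({
        "Version": 1,
        "AccessKeyId": access_key,
        "SecretAccessKey": secret_key,
    })


def main():
    try:
        print(build_credentials())
    except (subprocess.CalledProcessError, FileNotFoundError, ValueError) as err:
        # Diagnostics go to stderr; the message names the secret reference, never its value.
        print(f"credential helper failed: {err}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable file, it is referenced from the profile as `credential_process = /path/to/aws-op-creds.py` (hypothetical path), which keeps shell quoting out of the AWS config file entirely.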
- andi_t_1P
1Password Team
Thanks for the feedback!