├── .editorconfig ├── _av_completion ├── LICENSE ├── UPGRADING.md ├── _aws_vault ├── README.md └── zsh-aws-vault.plugin.zsh /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | end_of_line = lf 5 | charset = utf-8 6 | indent_style = space 7 | indent_size = 2 8 | -------------------------------------------------------------------------------- /_av_completion: --------------------------------------------------------------------------------
#compdef avli avsh

# Offer the profile names printed by `aws-vault list --profiles` as candidates.
_vault_profiles() {
  local -a profile_names
  # IFS is local to this function: the command output is split on newlines
  # only, and the setting does not outlive the call.
  local IFS=$'\n'
  profile_names=($(aws-vault list --profiles))
  _describe 'PROFILE' profile_names
}

# The first positional argument of avli/avsh is completed as a profile name.
_av_completion() {
  _arguments "1:PROFILE:_vault_profiles"
}

_av_completion "$@"
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Ben Limmer 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /UPGRADING.md: -------------------------------------------------------------------------------- 1 | # Upgrading 2 | 3 | ## Pre-1.0 to 1.0 4 | 5 | Release 1.0 contains a large rewrite of the `avli` command, which may cause breaking changes if you relied on existing, 6 | inconsistent behavior. 7 | 8 | ### Breaking Changes 9 | 10 | - By default, `avli` calls on Linux and Mac now remove the temporary profile directory when the browser closes. If you 11 | want to retain the profile between calls to `avli`, set the `AWS_VAULT_PL_PERSIST_PROFILE` environment variable to 12 | `true`. 13 | - `avli` calls launching MacOS Firefox now create profiles in the `/tmp` directory by default, instead of in the 14 | ApplicationSupport directory, as before. This means that Firefox `avli` profiles are completely transient 15 | by default. If you'd like to retain your browser profile between launches, set the `AWS_VAULT_PL_PERSIST_PROFILE` 16 | environment variable to `true`. 17 | - `avli` calls using Chrome (and chrome-like browsers) no longer pass the `--new-window` flag by default. To retain the 18 | existing behavior, set the `AWS_VAULT_PL_BROWSER_LAUNCH_OPTS` environment variable to include `--new-window`. 19 | - `avli` calls use `nohup` to ensure the browser is not terminated if the terminal window that launched it is closed. 20 | - Utility functions `_using_osx()`, `_using_linux()`, and `_find_browser()` are no longer exported to your ZSH 21 | environment. These utility functions are internal and should not have been exposed in your ZSH environment. 
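If you 22 | relied on having these functions available, view their definitions and export the functions manually from your 23 | `~/.zshrc` file. 24 | -------------------------------------------------------------------------------- /_aws_vault: --------------------------------------------------------------------------------
#compdef aws-vault

# Completion for the aws-vault CLI: the first word is completed as a
# subcommand, later words as that subcommand's flags plus a profile or a
# stored credential name.

local context state state_desc line
local curcontext="$curcontext"
# The flag arrays are declared local so they are not left behind as global
# variables in the interactive shell after a completion run.
local -a global_flags flags

# Subcommands, in "name:description" form for _describe.
_vault_cmds() {
  local -a commands
  commands=(
    'help:Show help'
    'add:Adds credentials to the secure keystore'
    'list:List profiles, along with their credentials and sessions'
    'rotate:Rotates credentials'
    'exec:Executes a command with AWS credentials in the environment'
    'clear:Clear temporary credentials from the secure keystore'
    'remove:Removes credentials from the secure keystore'
    'login:Generate a login link for the AWS Console'
  )
  _describe 'command' commands
}

# Profile names as printed by `aws-vault list --profiles`, one per line.
_vault_profiles() {
  local -a profiles
  # local IFS: newline-only splitting must not outlive this function, or the
  # user's shell would keep splitting command output on newlines only.
  local IFS=$'\n'
  profiles=($(aws-vault list --profiles))
  _describe 'PROFILE' profiles
}

# Names printed by `aws-vault list --credentials`, one per line.
_vault_credentials() {
  local -a creds
  local IFS=$'\n'
  creds=($(aws-vault list --credentials))
  _describe 'CREDENTIALS' creds
}

_arguments -C \
  '1:COMMAND:->cmds' \
  '*::ARG:->args'

global_flags=(
  '--help[Show context-sensitive help]'
  '--version[Show application version]'
  '--debug[Show debugging output]'
)
flags=()
case "$state" in
  cmds)
    _arguments "${global_flags[@]}" '1:COMMAND:_vault_cmds'
    ;;
  args)
    # $words[1] is the subcommand picked in the first position.
    case $words[1] in
      help)
        _arguments '1:COMMANDS:_vault_cmds'
        ;;

      add)
        flags=(
          --env'[Read the credentials from the environment]'
          --add-config"[Add a profile to ~/.aws/config if one doesn't exist]"
        )
        _arguments "${flags[@]}" '1:PROFILE:_vault_profiles'
        ;;
      list)
        flags=(
          --profiles'[Show only the profile names]'
          --sessions'[Show only the session names]'
          --credentials'[Show only the profiles with stored credential]'
        )
        _arguments "${flags[@]}"
        ;;
      rotate)
        flags=(
          --no-session'[Use master credentials, no session or role used]'
        )
        _arguments "${flags[@]}" '1:CREDENTIALS:_vault_credentials'
        ;;
      exec)
        flags=(
          {-d,--duration}='[Duration of the temporary or assume-role session]'
          {-n,--no-session}'[Skip creating STS session with GetSessionToken]'
          --region='[The AWS region]'
          {-t,--mfa-token}='[The MFA token to use]'
          {-j,--json}'[Output credentials in JSON that can be used by credential_process]'
          {-s,--server,--ec2-server}'[Run a EC2 metadata server in the background for credentials]'
          --ecs-server'[Run a ECS credential server in the background for credentials]'
        )
        _arguments "${flags[@]}" '1:PROFILE:_vault_profiles'
        ;;
      clear)
        _arguments '1:CREDENTIALS:_vault_credentials'
        ;;
      remove)
        _arguments '1:CREDENTIALS:_vault_credentials'
        ;;
      login)
        flags=(
          {-d,--duration}='[Duration of the assume-role or federated session]'
          {-n,--no-session}'[Skip creating STS session with GetSessionToken]'
          {-t,--mfa-token}='[The MFA token to use]'
          --path='[The AWS service you would like access]'
          {-s,--stdout}'[Print login URL to stdout instead of opening in default browser]'
        )
        _arguments "${flags[@]}" '1:PROFILE:_vault_profiles'
        ;;
    esac
    ;;
esac
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # zsh-aws-vault 2 | 3 | oh-my-zsh plugin for [aws-vault](https://github.com/99designs/aws-vault) 4 | 5 | ## Installation 6 | 7 | ### [oh-my-zsh](https://github.com/robbyrussell/oh-my-zsh) 8 | 9 | This plugin is intended to be used with oh-my-zsh 10 | 11 | 1. 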
`cd ~/.oh-my-zsh/custom/plugins` (you may have to create the folder) 12 | 2. `git clone https://github.com/blimmer/zsh-aws-vault.git` 13 | 3. In your .zshrc, add `zsh-aws-vault` to your oh-my-zsh plugins: 14 | 15 | ```bash 16 | plugins=( 17 | zsh-aws-vault 18 | ) 19 | ``` 20 | 21 | ### [zgen](https://github.com/tarjoilija/zgen) 22 | 23 | 1. add `zgen load blimmer/zsh-aws-vault` to your '!saved/save' block 24 | 1. `zgen update` 25 | 26 | ## Upgrading 27 | 28 | Some releases might have breaking changes to behaviors. Before upgrading, please review 29 | [the Releases page](https://github.com/blimmer/zsh-aws-vault/releases) to understand the changes. This package follows 30 | Semantic Versioning best-practices. 31 | 32 | An upgrade guide for major versions is available in [UPGRADING.md](/UPGRADING.md). 33 | 34 | ## Features 35 | 36 | This plugin provides a comprehensive set of tools for working with aws-vault: 37 | 38 | - **Aliases** for common aws-vault commands: 39 | 40 | - `av` - aws-vault 41 | - `avs` - aws-vault server 42 | - `avl` - aws-vault login 43 | - `avll` - aws-vault login -s (prints the login URL to the screen without opening your browser) 44 | - `ave` - aws-vault exec 45 | 46 | - **Convenience Functions**: 47 | 48 | - [`avsh`](#avsh) - Open a new shell with AWS credentials 49 | - [`avli`](#avli) - Login to AWS console in your default browser with profile isolation 50 | - [`avr`](#avr) - Refresh in-context `AWS_*` environment variables 51 | - `avp` - List all configured AWS profiles with their types (IAM Keys or Roles) 52 | 53 | ### `avli` 54 | 55 | Login in an isolated browser profile. 56 | 57 | > ℹ️ This function is currently only supported in MacOS and Linux. 58 | 59 | This function will create a sandboxed browser profile after getting the temporary login URL for your AWS profile. This 60 | allows opening multiple profiles simultaneously in different browser profiles. 
This differs from using incognito mode, 61 | which shares the same profile across all incognito windows. 62 | 63 | #### Specifying a Browser 64 | 65 | You can specify a browser to use for `avli` by setting the `AWS_VAULT_PL_BROWSER` environment variable to the appropriate 66 | browser. 67 | 68 | In MacOS, we use the default browser set at the system level. You can override using these values: 69 | 70 | | Browser | `AWS_VAULT_PL_BROWSER` value (MacOS) | 71 | | ------------------------- | ------------------------------------- | 72 | | Firefox | `org.mozilla.firefox` | 73 | | Firefox Developer Edition | `org.mozilla.firefoxdeveloperedition` | 74 | | Chrome | `com.google.chrome` | 75 | | Edge | `com.microsoft.edgemac` | 76 | | Edge Developer Edition | `com.microsoft.edgemac.dev` | 77 | | Brave | `com.brave.Browser` | 78 | | Vivaldi | `com.vivaldi.browser` | 79 | 80 | On Linux, we use `xdg-settings` to find the default. You can set the `AWS_VAULT_PL_BROWSER` environment variable to 81 | your browser's binary (e.g., `chromium` or `/usr/bin/chromium`). 82 | 83 | #### Passing Additional Browser Launch Options 84 | 85 | You can pass arbitrary parameters when launching your browser by setting the optional `AWS_VAULT_PL_BROWSER_LAUNCH_OPTS` 86 | environment variable. For example, if you want to start new `avli` browser windows maximized, you can set 87 | `AWS_VAULT_PL_BROWSER_LAUNCH_OPTS="--start-maximized"`. Refer to your browser documentation for possible options. 88 | 89 | #### Reusing Sandboxed Profiles 90 | 91 | By default, each time you run `avli`, a new, isolated browser profile is created. If you would like to reuse the same 92 | browser profile between calls to `avli`, set the `AWS_VAULT_PL_PERSIST_PROFILE` environment variable to `true`. 93 | 94 | This allows you to install extensions/addons, create bookmarks, retain history, etc. in the sandboxed browser. 95 | 96 | By default, the profiles are stored in `~/.config/zsh-aws-vault/avli-profiles/<browser>/<profile>`. 
You can 97 | customize the path portion of this (`~/.config/zsh-aws-vault/avli-profiles`) by setting the 98 | `AWS_VAULT_PL_PERSIST_PROFILE_PATH` environment variable. 99 | 100 | ### `avsh` 101 | 102 | Create a shell for a given profile. For example, this command replaces the relevant `AWS_*` environment variables for 103 | the `default` profile in a new shell session: 104 | 105 | ```bash 106 | avsh default 107 | ``` 108 | 109 | This is a powerful tool that allows only placing AWS credentials in your shell session when needed. 110 | 111 | ### `avr` 112 | 113 | Refresh your credentials without exiting the existing subshell. Requires `aws-vault` v7 or newer. 114 | 115 | ### Prompt Segment 116 | 117 | This prompt segment echos out the current aws-vault profile you're logged into. 118 | I use this for adding a segment into my custom 119 | [agnoster theme](https://github.com/agnoster/agnoster-zsh-theme/blob/master/agnoster.zsh-theme). 120 | 121 | For instance, this code: 122 | 123 | ```bash 124 | prompt_aws_vault() { 125 | local vault_segment 126 | vault_segment="`prompt_aws_vault_segment`" 127 | [[ $vault_segment != '' ]] && prompt_segment cyan black "$vault_segment" 128 | } 129 | ``` 130 | 131 | Produces this segment in my prompt: 132 | 133 | ![screenshot of agnoster theme with aws-vault segment](https://i.imgur.com/BLE0QXg.png) 134 | 135 | The instructions to customize the prompt vary based on the [theme](https://github.com/ohmyzsh/ohmyzsh/wiki/Themes) you 136 | use. In some cases, you'll need to create a copy of the theme file and edit it to include the prompt segment. You can 137 | check out my 138 | [custom agnoster theme](https://github.com/blimmer/dotfiles/blob/fa46a6818dcd92c2b7c1a578b32166542c4febca/oh-my-zsh-custom/themes/agnoster.zsh-theme#L232) 139 | to see how I updated the prompt. 
140 | 141 | #### Prompt Customization 142 | 143 | You can customize the prompt segment behavior by overriding these variables: 144 | 145 | | Variable Name | Default | Description | 146 | | ------------------------------ | ------- | --------------------------------------------------------------------------- | 147 | | `AWS_VAULT_PL_CHAR` | ☁ | The character to display when logged into an aws-vault profile | 148 | | `AWS_VAULT_PL_DEFAULT_PROFILE` | default | Only show the character when logged into this profile, not the profile name | 149 | 150 | ### Multi Factor Authentication (MFA) 151 | 152 | You can override the default MFA prompt by adding the `AWS_VAULT_PL_MFA` environment variable. 153 | 154 | | `AWS_VAULT_PL_MFA` value | Description | Example | 155 | | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | 156 | | inline | Enter your MFA token as an additional argument to the command. | `avsh default 123456`
`avli default 123456` | 157 | | yubikey | Generate an MFA token from your Yubikey. See the [docs](https://github.com/99designs/aws-vault/blob/master/USAGE.md#using-a-yubikey-as-a-virtual-mfa) for more information. | `avsh default`
`avsh default my-yubikey-profile`
`avli default`
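`avli default my-yubikey-profile` | 158 | -------------------------------------------------------------------------------- /zsh-aws-vault.plugin.zsh: --------------------------------------------------------------------------------
#--------------------------------------------------------------------#
# Variables                                                          #
#--------------------------------------------------------------------#
# Each setting keeps a value already present in the environment; the text
# after ":-" is only the fallback.
AWS_VAULT_PL_DEFAULT_PROFILE=${AWS_VAULT_PL_DEFAULT_PROFILE:-default}
AWS_VAULT_PL_CHAR=${AWS_VAULT_PL_CHAR:-$'\u2601'} # "the cloud"
AWS_VAULT_PL_BROWSER=${AWS_VAULT_PL_BROWSER:-''}
AWS_VAULT_PL_BROWSER_LAUNCH_OPTS=${AWS_VAULT_PL_BROWSER_LAUNCH_OPTS:-''}
AWS_VAULT_PL_MFA=${AWS_VAULT_PL_MFA:-''}
AWS_VAULT_PL_PERSIST_PROFILE=${AWS_VAULT_PL_PERSIST_PROFILE:-false}
AWS_VAULT_PL_PERSIST_PROFILE_PATH=${AWS_VAULT_PL_PERSIST_PROFILE_PATH:-"$HOME/.config/zsh-aws-vault/avli-profiles"}

#--------------------------------------------------------------------#
# Aliases                                                            #
#--------------------------------------------------------------------#
alias av='aws-vault'
alias avs='aws-vault server'
alias avl='aws-vault login'
alias avll='aws-vault login -s'
alias ave='aws-vault exec'
# avr evaluates aws-vault's export-env output in the current shell. The
# command substitution is quoted so that output reaches eval exactly as
# printed, line by line, instead of being split into words and re-joined
# with spaces first. AWS_VAULT is cleared for the aws-vault call only; the
# profile argument is still the value of $AWS_VAULT from the current shell.
alias avr='eval "$(AWS_VAULT= aws-vault export --format=export-env "$AWS_VAULT")"'

#--------------------------------------------------------------------#
# Convenience Functions                                              #
#--------------------------------------------------------------------#

# avsh PROFILE [ARGS...]
# Start a zsh subshell through `aws-vault exec`. AWS_VAULT_PL_MFA selects how
# the arguments are interpreted:
#   inline  - $1 is the profile, $2 the MFA token (passed with -t), anything
#             after that is forwarded to aws-vault. The token is an ordinary
#             command-line argument, so it may end up in shell history.
#   yubikey - aws-vault is asked to prompt through ykman; all arguments are
#             forwarded.
#   other   - all arguments are forwarded to aws-vault unchanged.
function avsh() {
  case ${AWS_VAULT_PL_MFA} in
    inline)
      aws-vault exec -t "$2" "$1" "${@:3}" -- zsh
      ;;
    yubikey)
      aws-vault exec --prompt ykman "$@" -- zsh
      ;;
    *)
      aws-vault exec "$@" -- zsh
      ;;
  esac
}

# avli PROFILE [ARGS...]
# Fetch a console login URL with `aws-vault login -s` and open it in a browser
# that runs on its own profile directory. Unless AWS_VAULT_PL_PERSIST_PROFILE
# is "true", that directory is a fresh temporary one and is removed when the
# browser process exits.
# Returns 1 when the login URL or the profile directory cannot be obtained.
#
# The login URL is handed to the browser as a command-line argument, so other
# local users may be able to see it in the process list while the browser
# runs.
function avli() {
  # NOTE: zsh has no function-local functions; the helpers defined below
  # become ordinary global functions the first time avli runs.

  function _using_osx() {
    [[ $(uname) == "Darwin" ]]
  }

  function _using_linux() {
    [[ $(uname) == "Linux" ]]
  }

  # Print the browser to launch: AWS_VAULT_PL_BROWSER, else BROWSER, else the
  # platform's default browser.
  function _find_browser() {
    if [ -n "${AWS_VAULT_PL_BROWSER}" ]; then
      # use the browser bundle specified
      echo "${AWS_VAULT_PL_BROWSER}"
    elif [ -n "${BROWSER}" ]; then
      echo "${BROWSER}"
    elif _using_osx ; then
      # Detect the browser in launchservices
      # https://stackoverflow.com/a/32465364/808678
      # "-o -" writes the XML form to stdout, so the preference file itself is
      # never rewritten (and converted back) just to be read.
      local prefs=~/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist
      plutil -convert xml1 -o - "$prefs" | grep 'https' -b3 | awk 'NR==2 {split($2, arr, "[><]"); print arr[3]}'
    elif _using_linux ; then
      # This is bad but it's marginally better than hardcoding google-chrome
      xdg-settings get default-web-browser | cut -d'.' -f1
    else
      # TODO - other platforms
      :
    fi
  }

  # _get_browser_profile_path BROWSER PROFILE
  # Print the profile directory for this launch. Returns 1 if the directory
  # (or, for persisted profiles, its parent) cannot be created.
  function _get_browser_profile_path() {
    local browser=$1
    local profile=$2
    local browser_profile_path=""

    if [ "$AWS_VAULT_PL_PERSIST_PROFILE" = "true" ]; then
      # A persisted profile keeps whatever the browser stores in it between
      # launches.
      browser_profile_path="${AWS_VAULT_PL_PERSIST_PROFILE_PATH}/${browser}/${profile}"
      mkdir -p "${AWS_VAULT_PL_PERSIST_PROFILE_PATH}/${browser}" || return 1
    else
      # ${browser:t} keeps only the last path component. The browser may be
      # given as an absolute path such as /usr/bin/chromium; used as-is it
      # would make the template absolute, which GNU mktemp refuses together
      # with --tmpdir.
      browser_profile_path=$(mktemp --tmpdir -d "${browser:t}.${profile}.XXXXXX") || return 1
    fi

    print -r -- "$browser_profile_path"
  }

  # Remove the profile directory unless profiles are persisted. The test
  # mirrors the one in _get_browser_profile_path, so every directory that was
  # created with mktemp is also cleaned up.
  function _maybe_clean_up_browser_profile() {
    local browser_profile_path=$1
    if [ "$AWS_VAULT_PL_PERSIST_PROFILE" != "true" ] && [ -n "$browser_profile_path" ]; then
      rm -rf -- "$browser_profile_path"
    fi
  }

  # Declared separately from the assignment so that $? below reflects the
  # command substitution rather than `local`.
  local login_url
  case ${AWS_VAULT_PL_MFA} in
    inline)
      # Quoted so an empty token or profile stays in its own position.
      login_url="$(avll -t "$2" "$1" "${@:3}")"
      ;;
    yubikey)
      login_url="$(avll --prompt ykman "$@")"
      ;;
    *)
      login_url="$(avll "$@")"
      ;;
  esac

  if [ $? -ne 0 ]; then
    echo "Could not login" >&2
    return 1
  fi

  local browser="$(_find_browser)"
  local platform=""
  local browser_family="" # "firefox" or "chromium"; empty when unsupported
  local browser_bin=""

  # Resolve the executable first, so nothing is created on disk for a browser
  # that cannot be launched.
  if _using_osx ; then
    platform="osx"
    case $browser in
      org.mozilla.firefox)
        browser_family="firefox"
        browser_bin="/Applications/Firefox.app/Contents/MacOS/firefox"
        ;;
      org.mozilla.firefoxdeveloperedition)
        browser_family="firefox"
        browser_bin="/Applications/Firefox Developer Edition.app/Contents/MacOS/firefox"
        ;;
      com.google.chrome)
        browser_family="chromium"
        browser_bin="/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
        ;;
      com.microsoft.edgemac)
        browser_family="chromium"
        browser_bin="/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge"
        ;;
      com.microsoft.edgemac.dev)
        browser_family="chromium"
        browser_bin="/Applications/Microsoft Edge Dev.app/Contents/MacOS/Microsoft Edge Dev"
        ;;
      com.brave.Browser|com.brave.browser)
        browser_family="chromium"
        browser_bin="/Applications/Brave Browser.app/Contents/MacOS/Brave Browser"
        ;;
      com.vivaldi.browser)
        browser_family="chromium"
        browser_bin="/Applications/Vivaldi.app/Contents/MacOS/Vivaldi"
        ;;
    esac
  elif _using_linux ; then
    platform="linux"
    case $browser in
      *"chrom"*|*"brave"*|*"vivaldi"*)
        browser_family="chromium"
        browser_bin="${browser}"
        ;;
      *"firefox"*)
        browser_family="firefox"
        browser_bin="${browser}"
        ;;
    esac
  else
    # NOTE this is untested - PRs welcome to improve it.
    # No isolated profile on this path: the URL goes to the default handler.
    xdg-open "${login_url}"
    return
  fi

  if [ -z "$browser_family" ]; then
    # NOTE PRs welcome to add your browser
    echo "Sorry, I don't know how to launch your default browser ($browser) :-("
    return 0
  fi

  # Launching without a usable profile directory would silently drop the
  # isolation, so a failure here aborts instead.
  local browser_profile_path
  if ! browser_profile_path=$(_get_browser_profile_path "$browser" "$1") || [ -z "$browser_profile_path" ]; then
    echo "Could not create a browser profile directory" >&2
    return 1
  fi

  # AWS_VAULT_PL_BROWSER_LAUNCH_OPTS is left unquoted on purpose: an empty
  # value then disappears. Under default zsh options it is not word-split, so
  # a non-empty value is passed as a single argument.
  local -a launch_cmd
  case "${platform}:${browser_family}" in
    osx:firefox)
      launch_cmd=("$browser_bin" $AWS_VAULT_PL_BROWSER_LAUNCH_OPTS --no-remote --profile "$browser_profile_path" "$login_url")
      ;;
    osx:chromium)
      launch_cmd=("$browser_bin" "$login_url" $AWS_VAULT_PL_BROWSER_LAUNCH_OPTS --no-first-run --disk-cache-dir="${browser_profile_path}" --user-data-dir="${browser_profile_path}")
      ;;
    linux:firefox)
      launch_cmd=("$browser_bin" $AWS_VAULT_PL_BROWSER_LAUNCH_OPTS --profile "$browser_profile_path" --no-remote --new-instance "$login_url")
      ;;
    linux:chromium)
      launch_cmd=("$browser_bin" $AWS_VAULT_PL_BROWSER_LAUNCH_OPTS --no-first-run --disk-cache-dir="${browser_profile_path}" --user-data-dir="${browser_profile_path}" "$login_url")
      ;;
  esac

  # Background subshell, disowned with &!: nohup keeps the browser alive when
  # the terminal closes, and the clean-up runs once the browser has exited.
  (
    nohup "${launch_cmd[@]}" > /dev/null 2>&1
    _maybe_clean_up_browser_profile "${browser_profile_path}"
  ) &!
}

# avp
# List the profiles found in ~/.aws/config, one per line and aligned with
# column(1). "default" is labelled IAM_Keys; a profile that has a role_arn
# configured is labelled ROLE(<arn>).
function avp() {
  local -a profiles
  local _profile_text _role item
  if grep -Eaq '^\[default\]' ~/.aws/config; then
    profiles+=("default: IAM_Keys")
  fi
  # The sed expression keeps only [a-zA-Z0-9_-] characters of each name.
  for item in $(grep "\[profile " ~/.aws/config | sed -e 's/.*profile \([a-zA-Z0-9_-]*\).*/\1/' | sort); do
    _profile_text="$item: "
    _role=$(aws --profile "$item" configure get role_arn)
    if [ "$_role" != "" ]; then
      _profile_text+="ROLE($_role) "
    fi
    profiles+=("$_profile_text")
  done
  printf '%s\n' "${profiles[@]}" | column -t
}

#--------------------------------------------------------------------#
# Prompt Customization                                               #
#--------------------------------------------------------------------#

# Print the prompt segment for the active aws-vault session: nothing when
# AWS_VAULT is unset or empty, only AWS_VAULT_PL_CHAR for the default profile,
# and the character followed by the profile name otherwise.
function prompt_aws_vault_segment() {
  if [[ -n $AWS_VAULT ]]; then
    if [ "$AWS_VAULT" = "$AWS_VAULT_PL_DEFAULT_PROFILE" ]; then
      echo -n "$AWS_VAULT_PL_CHAR"
    else
      echo -n "$AWS_VAULT_PL_CHAR $AWS_VAULT"
    fi
  fi
}
--------------------------------------------------------------------------------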