Collaborate on AWS Vault about limes HOT 2 CLOSED

I saw you project quite a long time ago. Our projects are very similar, yet attacking the problem in different ways.

If I understand aws-vault correctly it tries to store the credentials in a secure way.

Limes assumes the credentials are not stored in a secure way. Instead, they are supposed to be protected with MFA in AWS, and thus it is always run in server-client mode.

The next thing I'm looking at is a Brew installer (I maybe will take a peek how you do it). The plan is to start the server part of limes on a non privileged port and use a firewall rule to route traffic from 169.254.169.254:80 to 169.254.169.254:8080 for instance. Thus eliminating the need for sudo.

I like that aws-vault is compatible with the default aws configuration file. It's a much nicer design.

If you have some suggestions, or problems you are trying to solve please let me know.

from limes.

We offer a --server mode that starts up a metadata instance locally, which then will serve temporary credentials generated from whatever underlying credentials you have (along with MFA requirement):

https://github.com/99designs/aws-vault/blob/master/server.go

I'd love a way to scope that server to just a particular sub-shell, but at present it's system wide. I struggled to make the firewall rules work reliably, especially with the darwin/linux requirement. The fact that it's a non-routable address complicated things too from memory.

from limes.