| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 |
- // Package processcreds is a credentials provider to retrieve credentials from a
- // external CLI invoked process.
- //
- // WARNING: The following describes a method of sourcing credentials from an external
- // process. This can potentially be dangerous, so proceed with caution. Other
- // credential providers should be preferred if at all possible. If using this
- // option, you should make sure that the config file is as locked down as possible
- // using security best practices for your operating system.
- //
- // # Concurrency and caching
- //
- // The Provider is not safe to be used concurrently, and does not provide any
- // caching of credentials retrieved. You should wrap the Provider with a
- // `aws.CredentialsCache` to provide concurrency safety, and caching of
- // credentials.
- //
- // # Loading credentials with the SDKs AWS Config
- //
- // You can use credentials from a AWS shared config `credential_process` in a
- // variety of ways.
- //
- // One way is to setup your shared config file, located in the default
- // location, with the `credential_process` key and the command you want to be
- // called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable
- // (e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.
- //
- // [default]
- // credential_process = /command/to/call
- //
- // Loading configuration using external will use the credential process to
- // retrieve credentials. NOTE: If there are credentials in the profile you are
- // using, the credential process will not be used.
- //
- // // Initialize a session to load credentials.
- // cfg, _ := config.LoadDefaultConfig(context.TODO())
- //
- // // Create S3 service client to use the credentials.
- // svc := s3.NewFromConfig(cfg)
- //
- // # Loading credentials with the Provider directly
- //
- // Another way to use the credentials process provider is by using the
- // `NewProvider` constructor to create the provider and providing a it with a
- // command to be executed to retrieve credentials.
- //
- // The following example creates a credentials provider for a command, and wraps
- // it with the CredentialsCache before assigning the provider to the Amazon S3 API
- // client's Credentials option.
- //
- // // Create credentials using the Provider.
- // provider := processcreds.NewProvider("/path/to/command")
- //
- // // Create the service client value configured for credentials.
- // svc := s3.New(s3.Options{
- // Credentials: aws.NewCredentialsCache(provider),
- // })
- //
- // If you need more control, you can set any configurable options in the
- // credentials using one or more option functions.
- //
- // provider := processcreds.NewProvider("/path/to/command",
- // func(o *processcreds.Options) {
- // // Override the provider's default timeout
- // o.Timeout = 2 * time.Minute
- // })
- //
- // You can also use your own `exec.Cmd` value by satisfying a value that satisfies
- // the `NewCommandBuilder` interface and use the `NewProviderCommand` constructor.
- //
- // // Create an exec.Cmd
- // cmdBuilder := processcreds.NewCommandBuilderFunc(
- // func(ctx context.Context) (*exec.Cmd, error) {
- // cmd := exec.CommandContext(ctx,
- // "customCLICommand",
- // "-a", "argument",
- // )
- // cmd.Env = []string{
- // "ENV_VAR_FOO=value",
- // "ENV_VAR_BAR=other_value",
- // }
- //
- // return cmd, nil
- // },
- // )
- //
- // // Create credentials using your exec.Cmd and custom timeout
- // provider := processcreds.NewProviderCommand(cmdBuilder,
- // func(opt *processcreds.Provider) {
- // // optionally override the provider's default timeout
- // opt.Timeout = 1 * time.Second
- // })
- package processcreds
|
