rebase on top of ByteNess/aws-vault

.github/workflows/go.yml

@@ -1,12 +1,21 @@
 name: Continuous Integration
 on:
   push:
+    branches-ignore:
+      - main
+    paths-ignore:
+      - '.github/**'
+      - '.gitgnore'
   pull_request:
     branches:
-      - master
+      - main
 permissions:
   contents: read
 
+env:
+  GOTELEMETRY: off
+  #CGO_ENABLED: 0
+
 jobs:
   test:
     name: test
@@ -15,12 +24,14 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
         with:
-          go-version: '1.20'
-      - uses: actions/checkout@v3
+          go-version: 'stable'
+          #go-version-file: 'go.mod'
+          check-latest: true
       - name: Run tests
-        run: go test -race ./...
+        run: make test #go test -race ./...
   lint:
     permissions:
       contents: read  # for actions/checkout to fetch code
@@ -31,11 +42,15 @@ jobs:
         os: [macos-latest, ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/setup-go@v3
-        with:
-          go-version: '1.20'
-      - uses: actions/checkout@v3
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3.4.0
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
         with:
-          version: v1.52.0
+          go-version: 'stable'
+          #go-version-file: 'go.mod'
+          check-latest: true
+      - name: Lint
+        run: make vet
+      #- name: golangci-lint
+      #  uses: golangci/golangci-lint-action@v8
+      #  with:
+      #    version: v2.1

.github/workflows/stale.yml

@@ -9,7 +9,7 @@ jobs:
     permissions:
       issues: write
     steps:
-      - uses: actions/stale@v7
+      - uses: actions/stale@v10
         with:
           days-before-stale: 180
           days-before-close: 7

.gitignore

@@ -1,3 +1,30 @@
 /aws-vault
 /aws-vault-*
 /SHA256SUMS
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+go.work.sum
+
+# env file
+.env
+
+build/
+dist/
+vendor/

.golangci.yml

@@ -1,4 +1,12 @@
+version: "2"
 linters:
+  settings:
+    depguard:
+      rules:
+        main:
+          list-mode: lax
+          files:
+            - $all
   enable:
     - bodyclose
     - contextcheck
@@ -8,9 +16,7 @@ linters:
     - errchkjson
     - errname
     - exhaustive
-    - exportloopref
-    - gofmt
-    - goimports
+    - govet
     - makezero
     - misspell
     - nakedret

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 99designs
+Copyright (c) 2015 ByteNess
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -1,17 +1,17 @@
 VERSION=$(shell git describe --tags --candidates=1 --dirty)
-BUILD_FLAGS=-ldflags="-X main.Version=$(VERSION)" -trimpath
-CERT_ID ?= Developer ID Application: 99designs Inc (NRM9HVJ62Z)
+BUILD_FLAGS=-ldflags="-s -w -X main.Version=$(VERSION)" -trimpath
+CERT_ID ?= Developer ID Application: ByteNess (R)
 SRC=$(shell find . -name '*.go') go.mod
 INSTALL_DIR ?= ~/bin
-.PHONY: binaries clean release install
+.PHONY: binaries clean release install snapshot run
 
 ifeq ($(shell uname), Darwin)
 aws-vault: $(SRC)
-	go build -ldflags="-X main.Version=$(VERSION)" -o $@ .
+	go build -ldflags="-s -w -X main.Version=$(VERSION)" -o $@ .
 	codesign --options runtime --timestamp --sign "$(CERT_ID)" $@
 else
 aws-vault: $(SRC)
-	go build -ldflags="-X main.Version=$(VERSION)" -o $@ .
+	go build -ldflags="-s -w -X main.Version=$(VERSION)" -o $@ .
 endif
 
 install: aws-vault
@@ -23,9 +23,27 @@ binaries: aws-vault-linux-amd64 aws-vault-linux-arm64 aws-vault-linux-ppc64le aw
 dmgs: aws-vault-darwin-amd64.dmg aws-vault-darwin-arm64.dmg
 
 clean:
-	rm -f ./aws-vault ./aws-vault-*-* ./SHA256SUMS
+	rm -rf ./aws-vault ./aws-vault-*-* ./SHA256SUMS dist/
 
-release: binaries dmgs SHA256SUMS
+snapshot: clean ## Build local snapshot
+	goreleaser build --clean --snapshot --single-target
+
+run:
+	go run .
+
+test: ## Run tests
+	go test -v ./...
+
+fmt: **/*.go ## Formt Golang code
+	go fmt ./...
+
+lint:
+	golint ./...
+
+vet:
+	go vet -all ./...
+
+release: binaries SHA256SUMS
 
 	@echo "\nTo create a new release run:\n\n    gh release create --title $(VERSION) $(VERSION) \
 	aws-vault-darwin-amd64.dmg \
@@ -41,6 +59,10 @@ release: binaries dmgs SHA256SUMS
 
 	@echo "\nTo update homebrew-cask run:\n\n    brew bump-cask-pr --version $(shell echo $(VERSION) | sed 's/v\(.*\)/\1/') aws-vault\n"
 
+ubuntu-latest: aws-vault-linux-amd64 aws-vault-linux-arm64 aws-vault-linux-ppc64le aws-vault-windows-amd64.exe aws-vault-windows-arm64.exe aws-vault-freebsd-amd64
+
+macos-latest: aws-vault-darwin-amd64 aws-vault-darwin-arm64
+
 aws-vault-darwin-amd64: $(SRC)
 	GOOS=darwin GOARCH=amd64 CGO_ENABLED=1 SDKROOT=$(shell xcrun --sdk macosx --show-sdk-path) go build $(BUILD_FLAGS) -o $@ .
 
@@ -65,6 +87,9 @@ aws-vault-linux-arm7: $(SRC)
 aws-vault-windows-386.exe: $(SRC)
 	GOOS=windows GOARCH=386 go build $(BUILD_FLAGS) -o $@ .
 
+aws-vault-windows-amd64.exe: $(SRC)
+	GOOS=windows GOARCH=amd64 go build $(BUILD_FLAGS) -o $@ .
+
 aws-vault-windows-arm64.exe: $(SRC)
 	GOOS=windows GOARCH=arm64 go build $(BUILD_FLAGS) -o $@ .
 
@@ -74,6 +99,11 @@ aws-vault-darwin-amd64.dmg: aws-vault-darwin-amd64
 aws-vault-darwin-arm64.dmg: aws-vault-darwin-arm64
 	./bin/create-dmg aws-vault-darwin-arm64 $@
 
+aws-vault_sha256_checksums.txt:
+	sha256sum \
+	  aws-vault-* \
+	    > $@
+
 SHA256SUMS: binaries dmgs
 	shasum -a 256 \
 	  aws-vault-darwin-amd64.dmg \

README.md

@@ -1,7 +1,11 @@
 # AWS Vault
 
-[![Downloads](https://img.shields.io/github/downloads/99designs/aws-vault/total.svg)](https://github.com/99designs/aws-vault/releases)
-[![Continuous Integration](https://github.com/99designs/aws-vault/workflows/Continuous%20Integration/badge.svg)](https://github.com/99designs/aws-vault/actions)
+[![Downloads](https://img.shields.io/github/downloads/byteness/aws-vault/total)](https://github.com/byteness/aws-vault/releases)
+[![Continuous Integration](https://github.com/byteness/aws-vault/workflows/Continuous%20Integration/badge.svg)](https://github.com/byteness/aws-vault/actions)
+
+> [!NOTE]
+> This is a maintained fork of https://github.com/99designs/aws-vault which is an abandoned project.
+> Contributions are welcome and preferably please open an [issue](https://github.com/ByteNess/aws-vault/issues) first.
 
 AWS Vault is a tool to securely store and access AWS credentials in a development environment.
 
@@ -12,18 +16,10 @@ Check out the [announcement blog post](https://99designs.com.au/tech-blog/blog/2
 ## Installing
 
 You can install AWS Vault:
-- by downloading the [latest release](https://github.com/99designs/aws-vault/releases/latest)
-- on macOS with [Homebrew Cask](https://formulae.brew.sh/cask/aws-vault): `brew install --cask aws-vault`
-- on macOS with [MacPorts](https://ports.macports.org/port/aws-vault/summary): `port install aws-vault`
-- on Windows with [Chocolatey](https://chocolatey.org/packages/aws-vault): `choco install aws-vault`
-- on Windows with [Scoop](https://scoop.sh/): `scoop install aws-vault`
-- on Linux with [Homebrew on Linux](https://formulae.brew.sh/formula/aws-vault): `brew install aws-vault`
-- on [Arch Linux](https://www.archlinux.org/packages/community/x86_64/aws-vault/): `pacman -S aws-vault`
-- on [Gentoo Linux](https://github.com/gentoo/guru/tree/master/app-admin/aws-vault): `emerge --ask app-admin/aws-vault` ([enable Guru first](https://wiki.gentoo.org/wiki/Project:GURU/Information_for_End_Users))
-- on [FreeBSD](https://www.freshports.org/security/aws-vault/): `pkg install aws-vault`
-- on [OpenSUSE](https://software.opensuse.org/package/aws-vault): enable devel:languages:go repo then `zypper install aws-vault`
-- with [Nix](https://search.nixos.org/packages?show=aws-vault&query=aws-vault): `nix-env -i aws-vault`
-- with [asdf-vm](https://github.com/karancode/asdf-aws-vault): `asdf plugin-add aws-vault https://github.com/karancode/asdf-aws-vault.git && asdf install aws-vault <version>`
+- by downloading the [latest release](https://github.com/byteness/aws-vault/releases/latest)
+- using [Homebrew](https://formulae.brew.sh/formula/aws-vault): `brew install aws-vault`
+- on Windows with [Chocolatey](https://chocolatey.org/packages/aws-vault): `choco install aws-vault` ([repo](https://github.com/gusztavvargadr/aws-vault-chocolatey) by [Gusztáv Varga](https://github.com/gusztavvargadr))
+- on [NixOS](https://search.nixos.org/packages?channel=unstable&query=aws-vault) (currently only available on the unstable channel): `nix-env -iA nixos.aws-vault`
 
 ## Documentation
 
@@ -38,7 +34,10 @@ The supported vaulting backends are:
 * Secret Service ([Gnome Keyring](https://wiki.gnome.org/Projects/GnomeKeyring), [KWallet](https://kde.org/applications/system/org.kde.kwalletmanager5))
 * [KWallet](https://kde.org/applications/system/org.kde.kwalletmanager5)
 * [Pass](https://www.passwordstore.org/)
+* [Passage](https://github.com/FiloSottile/passage)
 * Encrypted file
+* [1Password Connect](https://developer.1password.com/docs/connect/)
+* [1Password Service Accounts](https://developer.1password.com/docs/service-accounts)
 
 Use the `--backend` flag or `AWS_VAULT_BACKEND` environment variable to specify.
 
@@ -48,7 +47,9 @@ Use the `--backend` flag or `AWS_VAULT_BACKEND` environment variable to specify.
 # Store AWS credentials for the "jonsmith" profile
 $ aws-vault add jonsmith
 Enter Access Key Id: ABDCDEFDASDASF
-Enter Secret Key: %%%
+Enter Secret Key: ****************************************
+Enter MFA Device ARN (If MFA is not enabled, leave this blank): arn:aws:iam::123456789012:mfa/jonsmith
+Added credentials to profile "jonsmith" in vault
 
 # Execute a command (using temporary credentials)
 $ aws-vault exec jonsmith -- aws s3 ls
@@ -148,9 +149,15 @@ Here's what you can expect from aws-vault
 | `aws-vault exec bar-role2`               | session-token + role + role | session-token | Yes |
 | `aws-vault exec bar-role2 --no-session`  | role + role                 | role          | Yes |
 
+## Auto-logout
+
+Since v7.3+ `aws-vault` introduced option to automatically try and do a logout first, before login when executing `aws-vault login <profile>`.
+
+This behavour can be achieved by using `--auto-logout` or `-a` flag! Read more in [USAGE.md](./USAGE.md) file.
+
 ## Development
 
-The [macOS release builds](https://github.com/99designs/aws-vault/releases) are code-signed to avoid extra prompts in Keychain. You can verify this with:
+The [macOS release builds](https://github.com/byteness/aws-vault/releases) are code-signed to avoid extra prompts in Keychain. You can verify this with:
 ```shell
 $ codesign --verify --verbose $(which aws-vault)
 ```
@@ -161,6 +168,18 @@ $ go build .
 $ codesign --sign <Name of certificate created above> ./aws-vault
 ```
 
+## 🧰 Contributing
+
+Report issues/questions/feature requests on in the [issues](https://github.com/byteness/aws-vault/issues/new) section.
+
+Full contributing [guidelines are covered here](.github/CONTRIBUTING.md).
+
+## Maintainers
+
+* [Marko Bevc](https://github.com/mbevc1)
+* Full [contributors list](https://github.com/byteness/aws-vault/graphs/contributors)
+
+
 ## References and Inspiration
 
  * https://github.com/pda/aws-keychain