v5.0.0
Refactoring on the codebase took place for this release, see the full changeset here. Please report any bugs
Fixed
aws-vault exec
: Signals to processes now propagate correctly #454- Case is ignored when parsing config #461
- non-profile sections are ignored when parsing config #293
Added
- The
AWS_ROLE_ARN
,AWS_ROLE_SESSION_NAME
andAWS_MFA_SERIAL
environment variables can be used to specify config for theexec
,login
androtate
commands #443 6c94f99 - A new config variable
parent_profile
allows a profile to import all of the config and credentials from the specified parent profile, and should be used in conjunction withsource_profile
. Note that this config variable is not recognised or compatible with aws-cli or SDK #450 - Support for
duration_seconds
in the.aws/config
file 17062f1 --duration
flag on the exec and login command to specify the duration of the session #464
Removed
--mfa-token
flag from the rotate command #460--mfa-serial-override
flag from the exec command (useAWS_MFA_SERIAL
instead) 6c94f99--session-ttl
,--assume-role-ttl
flags from the exec and login command (use--duration
instead) #464--federation-token-ttl
flag from the login command (use--duration
instead) #464
Changed
- [BC break] The
mfa_serial
config is no longer imported from thesource_profile
. This was behaviour introduced in v4.6.0, however it had unintended backwards-incompatible side effects on existing configs.source_profile
now imports credentials only, the same way that the aws cli does. If you relied on the previousmfa_serial
importing behaviour, useparent_profile
(along withsource_profile
) #445 - [BC break] The
aws-vault exec
short flag for--mfa-token
was changed from-m
to-t
, to make it consistent withaws-vault login
#464 aws-vault exec
now uses the exec syscall rather than creating a child process #454- Changed the default durations #464
GetSessionToken
: 1h (previously 4h)AssumeRole
: 1h (previously 15m)GetFederationToken
: 1h (previously 12h)- Cached MFA
GetSessionToken
forAssumeRole
: 8h (previously 4h)
- Changed API for package github.com/99designs/aws-vault/vault. Note this package exists only to support the CLI and has no guarantees for backwards compatibility. It is public only for the convenience of those already using it