This release focuses on better Keychain security;

• Prevent security / aws-keychain from being whitelisted to access Keychain items. #13
• Store in a separate aws-keychain.keychain instead of the always-unlocked login.keychain. #15
  • Override with AWS_KEYCHAIN_FILE environment variable.
  • aws-keychain migrate moves items from login.keychain to aws-keychain.keychain.

Keychain Access (which ships with Mac OS X) can be used to adjust the auto-lock parameters on the new keychain file. It is recommended that you don't “Always allow” when prompted. You can hit spacebar to allow access when prompted while the keychain is unlocked.

This release focuses on simplifying the interface and never storing credentials unencrypted to disk. Instead aws-keychain exec <name> <cmd ...> becomes the primary mode of operation.

• Removed subcommands relating to unencrypted credential file: use, none, status, cat.
• Removed env subcommand deprecated in v1.0.0.

• aws-keychain exec <name> <cmd ...> added in #10
  • Use this instead of aws-keychain use etc to keep credentials off disk.
• aws-keychain rm secure credential file deletion in #11
• Zsh completion in 011a2a5
• aws-keychain add <name> interactive prompt in #9
• Updated credential file format in #7
• aws-keychain env deprecated in favor of aws-keychain exec.

• Initial implementation;

  aws-keychain add <access_key_id> <secret_access_key>
  aws-keychain cat
  aws-keychain env
  aws-keychain ls
  aws-keychain none
  aws-keychain rm
  aws-keychain status
  aws-keychain use
  eval aws-keychain env <name>