Requirements
- KeePassXC
- aws-cli
- secret-tool
Add a new group to KeePassXC
This will be used so we can control what secrets get exposed to the FreeDesktop.org Secret Service.
- Right-Click the Root folder group
- Select New Group
- Give it a Name
- Click OK
Enable Freedesktop.org Secret Service Integration
Open KeePassXC Settings.
- Select Secret Service from the left hand side (it may be cut off).
- Check the Enable KeePassXC Freedesktop.org Secret Service Integration.
- Click the pencil next to your kbdx file.
Expose group to secret service
- Select Secret Service on the left hand side.
- Select Expose entries under this group.
- Select the group we created earlier.
- Click OK
Add Secrets to KeePassXC
Create some JSON with your AWS Credentials
{
"Version": 1,
"AccessKeyId": "AKIA-REPLACE-ME",
"SecretAccessKey": "REPLACE ME"
}
- Select your group
- Click the Create New Entry icon
- Set the Title something meaningful
- Paste your JSON in the password field
- Click OK
Configure AWS CLI to use custom program
Edit your ~/.aws.config
[profile default]
region = us-east-2
output=json
credential_process=secret-tool lookup Title "aws-creds"
Test it out!
Running the AWS CLI should now trigger a KeePassXC prompt.
aws s3 ls