From 290ea9ad611fd0e8595ddaac541bbc88cba501ac Mon Sep 17 00:00:00 2001 From: Michael Tibben Date: Tue, 22 Jan 2019 14:29:37 +1100 Subject: [PATCH] Update README.md --- README.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 46bf81ca7..0cfd36ea0 100644 --- a/README.md +++ b/README.md @@ -4,32 +4,33 @@ Securely store and access credentials for AWS. AWS Vault stores IAM credentials Currently the supported backends are: -* Pass - the standard unix password manager * macOS Keychain * KWallet * freedesktop.org Secret Service * Encrypted file +* Pass - the standard unix password manager Check out the [announcement blog post](https://99designs.com.au/tech-blog/blog/2015/10/26/aws-vault/) for more details. ## Installing -Download the [latest release](https://github.com/99designs/aws-vault/releases). - -On macOS, you may instead use [homebrew cask](https://github.com/caskroom/homebrew-cask) to install: +You can install aws-vault: +- macOS: via [homebrew](https://github.com/caskroom/homebrew-cask) with `brew cask install aws-vault` +- Windows: via [choco](https://chocolatey.org/packages/aws-vault) with `choco install aws-vault` +- Archlinux: available in the AUR +- Downloading the [latest release](https://github.com/99designs/aws-vault/releases) +- Compiling with `go get github.com/99designs/aws-vault` - $ brew cask install aws-vault +### macOS -The macOS release is code-signed, and you can verify this with `codesign`: +The [official macOS release](https://github.com/99designs/aws-vault/releases) is code-signed, and you can verify this with `codesign`: $ codesign -dvv $(which aws-vault) 2>&1 | grep Authority Authority=Developer ID Application: 99designs Inc (NRM9HVJ62Z) Authority=Developer ID Certification Authority Authority=Apple Root CA -On Archlinux, `aws-vault` is available in the AUR. - ## Usage See the [USAGE](./USAGE.md) document for more help and tips. @@ -101,12 +102,10 @@ Then when you use the `admin` profile, `aws-vault` will look in the `read-only` **Note:** If you have an MFA device attached to your account, the STS service will generate session tokens that are *invalid* unless you provide an MFA code. To enable MFA for a profile, specify the `mfa_serial` in `~/.aws/config`. You can retrieve the MFA's serial (ARN) in the web console, or you can usually derive it pretty easily using the format `arn:aws:iam::[account-id]:mfa/[your-iam-username]`. If you have an account with an MFA associated, but you don't provide the IAM, you are unable to call IAM services, even if you have the correct permissions to do so. `mfa_serial` will not be inherited from the profile designated in `source_profile` - you must include a reference to `mfa_serial` in every profile you wish to use it with. - ## Development Developed with golang, install with `go get github.com/99designs/aws-vault` - ### Self-signing your binary Binaries that call Keychain need to be signed, otherwise they always show the "allow access" prompt. Releases are signed by 99designs certificates, but if you are actively developing and want to mimic the behaviour of a signed release you can generate a self-signed code signing certificate.