Update usage and README

shellcheck linting:

- use `printf` instead of `echo`
- use `$HOME` instead of `~`

Use profile and `$HOME` in Usage output
  - ie if someone adds `--help` to the command line after specifying
a `--profile xxx` already

README.md

@@ -1,22 +1,34 @@
-# Fetch IAM keys and secrets from a AWS credentials file
+# get-aws-profile-bash
+
+<!--
+![Release](https://img.shields.io/github/release/whereisaaron/get-aws-profile-bash.svg)
+-->
+
+## Fetch AWS keys and secrets from a AWS credentials file
 
 This is a pure bash script that can parse and extract AWS credentials (key id and secret) from a `~/.aws/credentials` file.
 
-```
+```bash
 $ ./get-aws-profile.sh --help
-Usage: ./get-aws-profile.sh [--credentials=<path>] [--profile=<name>] [--key|--secret]
+Usage: ./get-aws-profile.sh [--credentials=<path>] [--profile=<name>] [--key|--secret|--session-token]
+
   Default --credentials is '~/.aws/credentials'
   Default --profile is 'default'
-  By default environment variables are generate, e.g.
+
+  By default environment variables are generated, e.g.
     source $(./get-aws-profile.sh --profile=myprofile)
-  You can specify one --key or --secret to get just that value, with no line break,
+
+  You can specify one of --key, --secret, -or --session-token to get just that value, with no line break:
     FOO_KEY=$(./get-aws-profile.sh --profile=myprofile --key)
     FOO_SECRET=$(./get-aws-profile.sh --profile=myprofile --secret)
+    FOO_SESSION_TOKEN=$(./get-aws-profile.sh --profile=myprofile --session-token)
 ```
 
-## Set environment variables for 'my-example' profile
+## Examples
 
-```
+### Set environment variables for 'my-example' profile
+
+```bash
 $ ./get-aws-profile.sh --profile my-example
 export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
 export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
@@ -26,20 +38,20 @@ $ eval $(./get-aws-profile.sh --profile my-example)
 
 ## Get key and secret for 'my-example' profile
 
-```
+```bash
 $ ./get-aws-profile.sh --profile my-example --key
 AKIAIOSFODNN7EXAMPLE
 
 $ ./get-aws-profile.sh --profile my-example --secret
 wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
 
 $ export AWS_ACCESS_KEY_ID=$(./get-aws-profile.sh --profile my-example --key)
-$ export AWS_SECRET_ACCESS_KEY=$(./get-aws-profile.sh --profile my-example --secret) 
+$ export AWS_SECRET_ACCESS_KEY=$(./get-aws-profile.sh --profile my-example --secret)
 ```
 
 ## Get key and secret for 'default' profile from a custom 'ini' file
 
-```
+```bash
 $ ./get-aws-profile.sh --credentials /foo/bar/my-creds-file --key
 AKIAIOSFODNN7EXAMPLE
 
@@ -48,9 +60,10 @@ wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
 ```
 
 ## AWS Credentials file format
+
 The AWS credentials file format appears to follow the old [Windows 'ini' file format](https://en.wikipedia.org/wiki/INI_file). Check the [AWS documentation](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for more information.
 
-```
+```ini
 [default]
 aws_access_key_id=AKIAIOSFODNN7EXAMPLE
 aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
@@ -60,8 +73,14 @@ aws_access_key_id=AKIAI44QH8DHBEXAMPLE
 aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
 ```
 
-# Rationale
-I often need to include an AWS key id and secret in deployment scripts. Yet I don't want to actually include the credentials in the script or in the git repository. Many AWS client support storing AWS credentials in an `~/.aws/credentials` files and using a `--profile` argument or `AWS_DEFAULT_PROFILE` environment variable. However other tools only work by setting the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables. Sometimes you need to inject these credentials into stored secrets or configurations. This script helps script these tasks whilst keeping the credentials out of your scripts and repository. I wanted a pure bash solution I could include in automated build and deployment environments.
+## Rationale
+
+I often need to include an AWS key id and secret in deployment scripts. Yet I don't want to actually include the credentials in the script or in the git repository.
+
+Many AWS client tools support storing AWS credentials in the `~/.aws/credentials` file and using a `--profile` argument or `AWS_DEFAULT_PROFILE` environment variable. However other tools only work by setting the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables. Sometimes you need to inject these credentials into stored secrets or configurations.
+
+This script helps script these tasks whilst keeping the credentials out of your scripts and repository. I wanted a pure bash solution I could include in automated build and deployment environments.
+
+## Credits
 
-# Credits
 The really cool part of this script is the ['ini' file parser written by Andres J. Diaz](https://web.archive.org/web/20180826221418/http://theoldschooldevops.com/2008/02/09/bash-ini-parser/).

get-aws-profile.sh

@@ -39,8 +39,9 @@ cfg_parser ()
 
 # echo a message to standard error (used for messages not intended
 # to be parsed by scripts, such as usage messages, warnings or errors)
-echo_stderr() {
-  echo "$@" >&2
+echo_stderr ()
+{
+  printf '%s\n' "$@" >&2
 }
 
 #
@@ -50,14 +51,17 @@ echo_stderr() {
 display_usage ()
 {
   echo_stderr "Usage: $0 [--credentials=<path>] [--profile=<name>] [--key|--secret|--session-token]"
-  echo_stderr "  Default --credentials is '~/.aws/credentials'"
+  echo_stderr ""
+  echo_stderr "  Default --credentials is '${HOME}/.aws/credentials'"
   echo_stderr "  Default --profile is 'default'"
-  echo_stderr "  By default environment variables are generate, e.g."
-  echo_stderr "    source \$($0 --profile=myprofile)"
-  echo_stderr "  You can specify one of --key, --secret, -or --session-token to get just that value, with no line break,"
-  echo_stderr "    FOO_KEY=\$($0 --profile=myprofile --key)"
-  echo_stderr "    FOO_SECRET=\$($0 --profile=myprofile --secret)"
-  echo_stderr "    FOO_SESSION_TOKEN=\$($0 --profile=myprofile --session-token)"
+  echo_stderr ""
+  echo_stderr "  By default environment variables are generated, e.g."
+  echo_stderr "    source \$($0 --profile=${PROFILE:-myprofile})"
+  echo_stderr ""
+  echo_stderr "  You can specify one of --key, --secret, -or --session-token to get just that value, with no line break:"
+  echo_stderr "    FOO_KEY=\$($0 --profile=${PROFILE:-myprofile} --key)"
+  echo_stderr "    FOO_SECRET=\$($0 --profile=${PROFILE:-myprofile} --secret)"
+  echo_stderr "    FOO_SESSION_TOKEN=\$($0 --profile=${PROFILE:-myprofile} --session-token)"
 }
 
 for i in "$@"
@@ -89,7 +93,7 @@ case $i in
     ;;
     *)
     # unknown option
-    echo "Unknown option $1"
+    echo_stderr "Unknown option $1"
     display_usage
     exit 1
     ;;
@@ -100,7 +104,7 @@ done
 # Check options
 #
 
-CREDENTIALS=${CREDENTIALS:-~/.aws/credentials}
+CREDENTIALS="${CREDENTIALS:-"${HOME}/.aws/credentials"}"
 PROFILE=${PROFILE:-default}
 SHOW_KEY=${SHOW_KEY:-false}
 SHOW_SECRET=${SHOW_SECRET:-false}
@@ -134,15 +138,16 @@ if [[ $? -ne 0 ]]; then
 fi
 
 if [[ "${SHOW_KEY}" = false && "${SHOW_SECRET}" = false && "${SHOW_SESSION_TOKEN}" = false ]]; then
-  echo "export AWS_ACCESS_KEY_ID=${aws_access_key_id}"
-  echo "export AWS_SECRET_ACCESS_KEY=${aws_secret_access_key}"
-  echo "export AWS_SESSION_TOKEN=${aws_session_token}"
+  echo_stderr "# Profile: ${PROFILE}"
+  printf 'export AWS_ACCESS_KEY_ID=%s\n' "${aws_access_key_id}"
+  printf 'export AWS_SECRET_ACCESS_KEY=%s\n' "${aws_secret_access_key}"
+  printf 'export AWS_SESSION_TOKEN=%s\n' "${aws_session_token}"
 elif [[ "${SHOW_KEY}" = true ]]; then
-  echo -n "${aws_access_key_id}"
+  printf '%s' "${aws_access_key_id}"
 elif [[ "${SHOW_SECRET}" = true ]]; then
-  echo -n "${aws_secret_access_key}"
+  printf '%s' "${aws_secret_access_key}"
 elif [[ "${SHOW_SESSION_TOKEN}" = true ]]; then
-  echo -n "${aws_session_token}"
+  printf '%s' "${aws_session_token}"
 else
   echo_stderr "Unknown error"
   exit 9