Credulous
Credulous is a command-line tool that securely manages AWS (IAM)
credentials. The aim is to encrypt the credentials using a user's public
SSH key so that only the user who has the corresponding private SSH
key is able to see and use them. The tool also enables the user to
easily rotate their current credentials without breaking their
current workflow.
NOTE: This is a fork of the original
Credulous aimed at providing Windows support, and enabling it to be used
as a library. Please use the original unless you wish to try this out.
Main Features
- Your IAM Credentials are securely encrypted on disk.
- Easy switching of Credentials between Accounts/Users.
- Painless Credential rotation.
- Enables rotation of Credentials by external application/service.
- No external runtime dependencies beyond minimal platform-specific
shared libraries
Installation
For Linux (.RPM or .DEB packages)
Download your Linux package
For OSX
If you are using Homebrew, follow these steps to install Credulous:
- Install bash-completion:
    localhost$ brew install bash-completion
- Add the following lines to your ~/.bash_profile:
    if [ -f "$(brew --prefix)/etc/bash_completion" ]; then
        . "$(brew --prefix)/etc/bash_completion"
    fi
- Install Credulous:
    localhost$ brew install https://raw.githubusercontent.com/realestate-com-au/credulous-brew/master/credulous.rb
- Add the following lines to your ~/.bash_profile:
    if [ -f "$(brew --prefix)/etc/profile.d/credulous.sh" ]; then
        . "$(brew --prefix)/etc/profile.d/credulous.sh"
    fi
Command completion
Command completion makes credulous much more convenient to use.
OSX: brew install bash-completion
CentOS: Enable the EPEL repo and install bash-completion
Debian/Ubuntu: bash-completion is installed and enabled by default. Enjoy!
Usage
Credentials need to have the right to inspect the account alias,
list access keys and examine the username of the user for whom they
exist. An IAM policy snippet like this will grant sufficient
permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PermitViewAliases",
      "Effect": "Allow",
      "Action": [ "iam:ListAccountAliases" ],
      "Resource": "*"
    },
    {
      "Sid": "PermitViewOwnDetails",
      "Effect": "Allow",
      "Action": [
        "iam:ListAccessKeys",
        "iam:GetUser"
      ],
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    }
  ]
}
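What this policy does and does not permit can be checked with a small model of IAM's allow matching. This is an added example, not part of Credulous: `allowed_by`, the user names and the account ID are constructed for illustration, and the model covers only Allow statements with Action and Resource (no Deny, NotAction or Condition).

```python
import json
import re

# The policy from this README, embedded so the example runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PermitViewAliases", "Effect": "Allow",
   "Action": ["iam:ListAccountAliases"], "Resource": "*"},
  {"Sid": "PermitViewOwnDetails", "Effect": "Allow",
   "Action": ["iam:ListAccessKeys", "iam:GetUser"],
   "Resource": "arn:aws:iam::*:user/${aws:username}"}
]}
""")


def _glob(text):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in text)


def _matches(pattern, value, username, flags=0):
    # ${aws:username} is replaced by the caller's name, taken literally.
    regex = re.escape(username).join(_glob(p) for p in pattern.split("${aws:username}"))
    return re.fullmatch(regex, value, flags) is not None


def allowed_by(policy, username, action, resource):
    """Return the Sid of the first Allow statement that covers the request,
    or None (implicit deny). Simplified: Allow + Action + Resource only."""
    for stmt in policy["Statement"]:
        actions, resources = stmt["Action"], stmt["Resource"]
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if (stmt["Effect"] == "Allow"
                and any(_matches(a, action, username, re.I) for a in actions)
                and any(_matches(r, resource, username) for r in resources)):
            return stmt["Sid"]
    return None


if __name__ == "__main__":
    own = "arn:aws:iam::111122223333:user/alice"    # constructed ARNs
    other = "arn:aws:iam::111122223333:user/bob"
    for action, res in [("iam:ListAccountAliases", "*"), ("iam:ListAccessKeys", own),
                        ("iam:GetUser", other), ("iam:CreateAccessKey", own)]:
        print(f"alice {action} on {res}: {allowed_by(POLICY, 'alice', action, res) or 'implicit deny'}")
```
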
You can have a look at the manual
page, if that's your thing.
Storing your current credentials in Credulous
$ export AWS_ACCESS_KEY_ID=YOUR_AWS_ID
$ export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXX
$ credulous save # Will ask credulous to store these credentials
# saving credentials for user@account
Displaying a set of credentials from Credulous
$ credulous source -a account -u user
export AWS_ACCESS_KEY_ID=YOUR_AWS_ID
export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXX
Development

Required tools:
Make sure you have GOPATH set in your environment
Download the dependencies
$ go get -u # -u will update existing dependencies
Install git2go (Optional if you already have it installed correctly in your environment)
$ go get github.com/libgit2/git2go
$ cd $GOPATH/src/github.com/libgit2/git2go && rm -rf vendor/libgit2
$ git submodule update --init
$ mkdir -p $GOPATH/src/github.com/libgit2/git2go/vendor/libgit2/install/lib
$ make install
# Run dependency update again for credulous
$ cd $GOPATH/src/github.com/realestate-com-au/credulous && go get -u
Install the binary in your $GOBIN
$ go install
Tests
First we make sure we have our dependencies
go get -t
Make sure goconvey is installed, else use
go get -t github.com/smartystreets/goconvey
Just go into this directory and either
goconvey
< Go to localhost:8080 in your browser >
Or just run
go test ./...
Roadmap
See here
