v4.6.1

Fixed

• Regression where a role could not be assumed when the profile had a mfa_serial and the root profile did not #383
• --assume-role-ttl on exec honored the environment variable AWS_ASSUME_ROLE_TTL. This has been fixed for login command #385
• --profile on exec has a hint if not passed in, added this to login command #385

v4.6.0

Fixed

• Incorrect session expiration time with --json flag #372
• GetFederationToken with usernames over 32 characters #377

Changed

• Retrieve session credentials recursively to avoid double prompts for MFA #369
• Use go modules for dependencies #348

v4.5.1

Fixed

• when using the credential helper with --json the expiration time was incorrect #332

v4.5.0

Added

• zenity prompt driver #295
• --path option to aws-vault login #291
• shell completion scripts #306
• command line options and variables for pass #319
  --pass-dir and AWS_VAULT_PASS_DIR
--pass-cmd and AWS_VAULT_PASS_CMD
--pass-prefix and AWS_VAULT_PASS_PREFIX
• support for using aws-vault as an aws-cli credential helper #300
• support for FreeBSD #325

Changed

• keychain: Default to trusting sessions, but not root credentials. This reduces the need to re-enter password and click "Allow" (or "Always Allow") #318

Fixed

• improved debug message when AWS_CONFIG_FILE is set #312
• rotation failing for IAM users with paths #315

v4.4.1

Fixed

• incorrect comment handling when parsing .aws/config #289

v4.4.0

Fixed

• Remove server subcommand from --help #208
• TravisCI config for go 1.11 #284
• Use heuristic for using sessions when rotating credentials #286
• login URL for cn and us-gov AWS regions #285
• Documentation #275 f7d6f17 6e74b95 51451d9

Added

• Add handler for iam/info metadata endpoint #283

v4.3.0

Fixed

• Increase MaxAssumeRoleDuration to 12 hours #240
• Rotating AWS keys in GovCloud #257
• Always use a session to rotate AWS keys #265

Changed

• Update 99designs/keyring to the latest #238 Changelog
• Update go-keychain to resolve Go 1.11 compilation issue #271

Added

• Support for the external_id option in profile config #264

v4.2.1

Fixed

• create the aws config file if it doesn't exist already #225
• fix regression where the secret-service collection was renamed aws-vault instead of the original awsvault #226
• make it possible to exit using Ctrl-C at the mfa prompt #236
• shell autocompletion for profile names #227
• compatibility with go 1.10 #244

v4.2.0

Security

• Prevent local network segment from accessing credential server #205

Added

• Metadata server support for Windows #166
• A --keychain argument (or AWS_VAULT_KEYCHAIN_NAME env var) to specify the macOS keychain to use #197
• A Dockerfile for linux testing #194
• Docs for rotate and clearer errors #180
• Docs for removing sessions #183
• Docs about how to use a self-signed binary #195

Fixed

• Detect credentials are available when running in server mode #185
• Fix nested config parsing in .aws/config #191
• Fix multiple password prompts #193 #202
• Fix travis builds on go 1.8 #206
• Fix nil pointer panic in keyring #210

v4.1.0

Added

• aws-vault add now adds an entry to the aws config file if the profile doesn't exist #169

Changed

• Show an error message when trying to add credentials to source_profile profile #153
• Clarify credentials, sessions and profiles in aws-vault list #161
• Updates docs #165
• Read the region from the config for STS calls #163

Fixed

• Fixes for an eventual consistency issue in aws-vault rotate. We now poll IAM #170
• Fixed a data race condition in aws-vault exec #162
• Fixed an issue where the username couldn't be determined reliably #152
• Fixed instances where aws-vault would quit with a zero exit code on errors, when it should be non-zero #168