Release date: December 18, 2016
-
[Security]: Temp files used during processing are now hidden files (.*)
-
[Security]: Temp files are now written to a location in memory instead of disk to prevent
user capture during generation of temp credentials. This is useful when gcreds is
called invoked by a user or application without permissions to view or modify the local
awscli config (.aws/*) -
[Exception Handling]: gcreds now checks for the existence of active (or expired) temp
credentials in the local awscli config before generating new temporary credentials to prevent duplicate
entries in the local config files. If you attempt to generate new credentials with temp credentials
already in your config, gcreds will prompt you to clear your config before generating new creds. -
[Logging]: Log file generation has been implemented in anticipation of gcreds use as a library
called by automation applications. When used as a library, output messages will divert only to
the log file instead of to stdout to enable debugging.
- Temp credentials generated by gcreds have a default lifetime of 15 minutes (900 seconds).
This is only changeable in the current release via the TIMEOUT variable setting contained
in the gcreds main executable. (See Enhancement Roadmap section of the README)
- gcreds will complain if you want to have more than 1 set of temporary credentials in awscli
config at a time. This is to prevent corruption of the local awscli config. You can choose not
to clear credentials from your config before generating a new set of temp credentials; however, this
will corrupt your local awscli config with duplicate entries unless generating credentials for
accounts and roles that are not represented in the first set of temp credentials already present in
the config.
( Back to README )