If you're juggling multiple AWS accounts with the CLI, named profiles in ~/.aws/credentials and ~/.aws/config plus --profile <name> (or AWS_PROFILE=…) is the baseline — but storing those keys in plaintext on disk is the bit worth fixing. macOS Keychain via security add-generic-password, Windows Credential Manager via cmdkey, or secret-tool on Linux all work as drop-in vaults you can pull credentials from at command time.
The full post walks through profile setup, a shell-alias trick to skip --profile entirely, the per-OS keychain commands, and how to skip access keys altogether by switching the profile to AWS SSO with aws configure sso.
Originally published at andreasbergstrom.dev — read the full post there.
Top comments (0)