{ "info": { "author": "Cheney Yan", "author_email": "cheney.yan@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3", "Topic :: Software Development :: Build Tools" ], "description": "# okta_aws_cred_helper\n\nOKTA AWS credential helper.\n\nYou you only need the following steps to setup your aws credentials file derived from Okta automatically. Procedures are\n```\nokta-aws-cred-helper init\nokta-aws-cred-helper refresh\n\n# then you are ready to go.\nAWS_PROFILE=okta-role aws s3 ls\n# If you need to know what profiles are available to you, you need to check your aws credentials file, i.e. ~/.aws/credentials\n\n# when your DevSecOps made change on permissions, you need to refresh your local aws credentials file to pick up the change.\nokta-aws-cred-helper refresh\n```\n\n# Install\n\n```\npip install okta-aws-credential-helper\n```\n\n# Initialize\n\nPreparation:\n\n1. You need to know Okta AWS application sso URL. It should be like https://domain.okta.com/app/amazon_aws/`app-id`/sso/saml.\n2. You already have your email/password/google 2Fa set up.\n3. During the process, we will reset the Okta Google 2FA code. You will need a QR code scanner application (besides Google 2FA app) so it can read the TOTP code. An useful application can be: https://play.google.com/store/apps/details?id=com.tohsoft.qrcode.pro\n\n## Read your TOTP code\n\nLogin to your Okta Account and reset your 2FA code. When you are resetting, while the QR code still displays, use the QR code scanner to decode the QR code, which will be like\n\n`otpauth://totp/xxx.okta.com:?secret=&issuer=xxx.okta.com`\n\nMark the totp code down and you will use it later.\n\n\n## Initialize okta credentials\n\nExecute\n\n```\nokta-aws-cred-helper init\n```\n\nFollow the questions and input your answers. **You will be asked for sso_url, okta username(email), okta password, totp code (you previously marked down). Note whatever you have input will be echo back to the screen. Please keep alert from peeping.**\n\n\n### review your okta credentials settings\n\n**NOTE** your okta credentials settings are stored in file `~/.aws/okta-aws/settings.json`. Keep it secret. You can also edit this file directly later instead of running `okta-aws-cred-helper init` command.\n\nOnce initialized, the file should be like\n```\n{\n \"sso_url\": \"https://domain.okta.com/app/amazon_aws/aaaaabbbbbcccccDDDDD/sso/saml\",\n \"region\": \"ap-southeast-2\",\n \"user_name\": \"name@email.com.au\",\n \"password\": \"\",\n \"google_2fa_totp\": \"\"\n}\n\n```\n\n## Automatically set your `~/.aws/credentials` file\n\nExecute\n```\nokta-aws-cred-helper refresh\n```\n\nThis command will modify your `~/.aws/credentials` for the new credentials derived from okta. The credentials from Okta will be defined as profiles with name starting with `okta-`. \n\nNote existing credentials in `~/.aws/credentials` with profile name not starting with `okta-` will be intact.\n\nAfter executing this command, simply check the content of `~/.aws/credentials` to get familiar with what roles OKTA has allowed you to assume to. You can also configure other personal profiles to source from these `okta-` profiles.\n\n## Caching\n\nThis process uses directory `~/.aws/okta-aws` as temporary credential caches.\n\n## Refreshing\n\nThis tool automatically refreshes the credentials behind the scene for you.\n\n## Speed\n\nWhile refreshing credentials, you may feel your aws tools (boto scripts or awscli) freeze for several seconds. This usually happens at the edge of every 30 seconds. When this tool sense it is close to the end of each 30 seconds, it will wait until this 30 second window pass, to avoid the google 2FA authentication failure caused by network delay or time in-synchronization.\n\n## Improve\n\nThe following items are in the view:\n\n- Use more secure store.\n- Test on windows\n- Test on linux(ubuntu)\n- add a easy role assumption support\n- Allow signing Login URLs (working with [awslogin](https://github.com/cheney-yan/awslogin))\n- Package properly and add testing\n\nContribution welcome..\n\n\n---\n\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/cheney-yan/aws-okta-credential-helper", "keywords": "Okta AWS SAML Credential Helper", "license": "", "maintainer": "", "maintainer_email": "", "name": "okta-aws-credential-helper", "package_url": "https://pypi.org/project/okta-aws-credential-helper/", "platform": "", "project_url": "https://pypi.org/project/okta-aws-credential-helper/", "project_urls": { "Homepage": "https://github.com/cheney-yan/aws-okta-credential-helper" }, "release_url": "https://pypi.org/project/okta-aws-credential-helper/0.3.2/", "requires_dist": [ "boto3", "click (==7.0)", "click-log (==0.3.2)", "sh", "keyring", "python-dateutil", "bs4", "simplejson", "requests[security]", "pyyaml" ], "requires_python": ">=3.0.0", "summary": "Okta AWS SAML credential helper", "version": "0.3.2" }, "last_serial": 5612160, "releases": { "0.2.0": [ { "comment_text": "", "digests": { "md5": "3247c21ba61477d135118672e34e06af", "sha256": "c82dbe08868be0a824f9c2c31599a236e4e5540b44ee2dc5c4fe22129d481fb2" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.2.0.tar.gz", "has_sig": false, "md5_digest": "3247c21ba61477d135118672e34e06af", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 9657, "upload_time": "2019-05-04T12:22:04", "url": "https://files.pythonhosted.org/packages/4b/61/55826de9c05297a1b61076e68199cbbeb5d7ea2c6ca3dbe6b92c1af7ea7c/okta-aws-credential-helper-0.2.0.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "9f077cc952cb4dfefee3b936f661726c", "sha256": "8349ab8365d702bb3b53858ffa4ac9078bbefc4b5ec64e7eea9b56bd5b69236a" }, "downloads": -1, "filename": "okta_aws_credential_helper-0.2.1-py3-none-any.whl", "has_sig": false, "md5_digest": "9f077cc952cb4dfefee3b936f661726c", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.0.0", "size": 21338, "upload_time": "2019-05-04T12:56:02", "url": "https://files.pythonhosted.org/packages/09/ac/2e4f5b5ad182756b6ec6ff3c318bfb9d49e16c27ddf6b2176c5959b643a6/okta_aws_credential_helper-0.2.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1f3c7a14fd6ee19231c99fffd2625ad6", "sha256": "f7b98636369f95c22fcf27a75ae5080c9ae934a520f8512934878f769bfbb635" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.2.1.tar.gz", "has_sig": false, "md5_digest": "1f3c7a14fd6ee19231c99fffd2625ad6", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 9648, "upload_time": "2019-05-04T12:46:25", "url": "https://files.pythonhosted.org/packages/ed/ef/9da8076d366aa076145acc0cadb34ab16372b51c2b54342d13d69eb06c6b/okta-aws-credential-helper-0.2.1.tar.gz" } ], "0.2.2": [ { "comment_text": "", "digests": { "md5": "67d189475dfc773bd0414333aee6d9d0", "sha256": "66af686e8dc2cce875192aae6ad9fca9f2860d567e7b077b6601997ffeb17226" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.2.2.tar.gz", "has_sig": false, "md5_digest": "67d189475dfc773bd0414333aee6d9d0", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 9659, "upload_time": "2019-07-10T06:52:53", "url": "https://files.pythonhosted.org/packages/d9/47/c293926e913093adc944236f4ed6a9020dabc63872aa86386d1024a2cae9/okta-aws-credential-helper-0.2.2.tar.gz" } ], "0.2.3": [ { "comment_text": "", "digests": { "md5": "75ad15fdd3503758c4150316ddf43a08", "sha256": "fded31fedb0190d0844a9cf0c28ba79304dc9af4328c8de296446cd1b703c47a" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.2.3.tar.gz", "has_sig": false, "md5_digest": "75ad15fdd3503758c4150316ddf43a08", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 9684, "upload_time": "2019-07-10T06:59:37", "url": "https://files.pythonhosted.org/packages/45/c1/1e407705dcdceb6c61ac199dd87cab1441c14d6e11ece0901a8fb1fc4932/okta-aws-credential-helper-0.2.3.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "2e007a044ef9898814824144caba4b12", "sha256": "1f08554c5f13afba64ccc5edaf91defbb14336190d4824a7152de68e192e5ac8" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.3.0.tar.gz", "has_sig": false, "md5_digest": "2e007a044ef9898814824144caba4b12", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 9988, "upload_time": "2019-07-30T09:30:07", "url": "https://files.pythonhosted.org/packages/0f/dd/0d909e168396474c3336ef010b385dfbe403df2000a3507c75fabb2575bb/okta-aws-credential-helper-0.3.0.tar.gz" } ], "0.3.1": [ { "comment_text": "", "digests": { "md5": "8c4040fd5800ba3842cc77cac6207ef1", "sha256": "1b0e9f68f17055acc020079671d3727662dc0a77695814c8387071f1c647345e" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.3.1.tar.gz", "has_sig": false, "md5_digest": "8c4040fd5800ba3842cc77cac6207ef1", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 10109, "upload_time": "2019-07-30T09:50:41", "url": "https://files.pythonhosted.org/packages/d2/5f/5ce39c67d1297549a6b53a47bce20b7f0db383efc17b4b752c7a2cf68f98/okta-aws-credential-helper-0.3.1.tar.gz" } ], "0.3.2": [ { "comment_text": "", "digests": { "md5": "a18a82faef5b008e7faf72245cde0612", "sha256": "37debbce2712f0be4e1f6708d2980fa90c1a0d1a1c2fb96f483e91ed2982e554" }, "downloads": -1, "filename": "okta_aws_credential_helper-0.3.2-py3-none-any.whl", "has_sig": false, "md5_digest": "a18a82faef5b008e7faf72245cde0612", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.0.0", "size": 10664, "upload_time": "2019-07-31T08:03:25", "url": "https://files.pythonhosted.org/packages/5b/fa/ef80f0393c5a34d2489aed9729ee20737c52aea87fc905296a461ad67650/okta_aws_credential_helper-0.3.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "5f683f80201127705abc197f430c5518", "sha256": "67d5f40c84ad0d3f5edf5b168fc9f9530ff378a36bd9bb5b26419bbc8225e500" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.3.2.tar.gz", "has_sig": false, "md5_digest": "5f683f80201127705abc197f430c5518", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 10107, "upload_time": "2019-07-31T08:03:26", "url": "https://files.pythonhosted.org/packages/e7/60/3f60bc0a2ad175e5d1c5b677d168cb960d2104335bf8614ddb12710d743d/okta-aws-credential-helper-0.3.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a18a82faef5b008e7faf72245cde0612", "sha256": "37debbce2712f0be4e1f6708d2980fa90c1a0d1a1c2fb96f483e91ed2982e554" }, "downloads": -1, "filename": "okta_aws_credential_helper-0.3.2-py3-none-any.whl", "has_sig": false, "md5_digest": "a18a82faef5b008e7faf72245cde0612", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.0.0", "size": 10664, "upload_time": "2019-07-31T08:03:25", "url": "https://files.pythonhosted.org/packages/5b/fa/ef80f0393c5a34d2489aed9729ee20737c52aea87fc905296a461ad67650/okta_aws_credential_helper-0.3.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "5f683f80201127705abc197f430c5518", "sha256": "67d5f40c84ad0d3f5edf5b168fc9f9530ff378a36bd9bb5b26419bbc8225e500" }, "downloads": -1, "filename": "okta-aws-credential-helper-0.3.2.tar.gz", "has_sig": false, "md5_digest": "5f683f80201127705abc197f430c5518", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.0.0", "size": 10107, "upload_time": "2019-07-31T08:03:26", "url": "https://files.pythonhosted.org/packages/e7/60/3f60bc0a2ad175e5d1c5b677d168cb960d2104335bf8614ddb12710d743d/okta-aws-credential-helper-0.3.2.tar.gz" } ] }