Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Passing a single string to Aws::ProcessCredentials.new is insecure" now appearing when using credential_process option in an aws config #3061

Closed
cswilliams opened this issue Jul 3, 2024 · 4 comments · Fixed by #3062
Closed

"Passing a single string to Aws::ProcessCredentials.new is insecure" now appearing when using credential_process option in an aws config #3061

cswilliams opened this issue Jul 3, 2024 · 4 comments · Fixed by #3062
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments

@cswilliams
Copy link

Describe the bug

After upgrading to the most recent version of aws-sdk-core, I started receiving the following warning:
Passing a single string to Aws::ProcessCredentials.new is insecure, please use use an array of system arguments instead

This appears to happen because I have the "credential_process" option set in my aws config file like so:

[profile my-account]
role_arn = << role_arn >>
source_profile = << profile >>
region= << region >>

[profile my-account-creds]
credential_process = aws-vault export --format=json my-account
region=us-east-2

Then in ruby I try to use the profile:

require 'aws-sdk-core'
require 'aws-sdk-s3'
Aws.config.update(profile: 'my-account-creds')
Aws::S3::Client.new
Passing a single string to Aws::ProcessCredentials.new is insecure, please use use an array of system arguments instead
=> #<Aws::S3::Client>

It seems like this warning was adding recently in #3048

Is there a proper way to set credential_process in the aws config file to avoid this warning? I couldn't find any example of it taking an array.

Expected Behavior

Not receive a warning.

Current Behavior

A warning appears: Passing a single string to Aws::ProcessCredentials.new is insecure, please use use an array of system arguments instead

Reproduction Steps

See the bug description.

Possible Solution

No response

Additional Information/Context

No response

Gem name ('aws-sdk', 'aws-sdk-resources' or service gems like 'aws-sdk-s3') and its version

aws-sdk-core 3.201.0

Environment details (Version of Ruby, OS environment)

Ruby 3.3.1 OSX
@cswilliams cswilliams added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 3, 2024
@mullermp
Copy link
Contributor

mullermp commented Jul 3, 2024

There is no way to satisfy this from the profile case, this was a mistake from my part. I have an idea for a fix. For now, you can ignore the warning.

@mullermp mullermp mentioned this issue Jul 3, 2024
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 3, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

@mullermp
Copy link
Contributor

mullermp commented Jul 3, 2024

This should be fixed on the next release, likely next week given the holidays.

@cswilliams
Copy link
Author

awesome, thank you!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not warn using process credentials in shared config aws/aws-sdk-ruby
2 participants
@cswilliams @mullermp