You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
...was resolved by simply bumping the AWS SDK version, compiling, and testing it out.
Motivation and Context
Credential chaining did not work for me even though it should. My AWS credentials are obtained via gimme-aws-creds through Okta. This means that the ~/.aws/credentials file uses temporary aws_access_key_id and aws_secret_access_key keys.
Using AWS_PROFILE=development uses another profile as a source_profile called base; the base profile is the one that has the credentials obtained through the gimme-aws-creds CLI tool.
The following error occurred when trying to create a new file:
$ AWS_PROFILE=development sops --verbose test.yaml
[AWSKMS] INFO[0005] Encryption failed arn="arn:aws:kms:us-east-1:111122223333:key/11111c1d-b2c8-437d-ae4b-d00a123ccc45"
Error encrypting the data key with one or more master keys: [failed to encrypt new data key with master key "arn:aws:kms:us-east-1:111122223333:key/11111c1d-b2c8-437d-ae4b-d00a123ccc45": Failed to call KMS encryption service: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors]
Which made no sense because the AWS SDK solved this a while ago. The version of the AWS SDK Sops was using before this PR v1.23.13 is now almost 1 year old.
Types of changes
Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the AWS SDK version to support more types of credential chaining.
Description
It seems that the following issues:
Could potentially be helped with a simple bump of the AWS SDK version. Specifically my issue in the following comments...
...was resolved by simply bumping the AWS SDK version, compiling, and testing it out.
Motivation and Context
Credential chaining did not work for me even though it should. My AWS credentials are obtained via gimme-aws-creds through Okta. This means that the
~/.aws/credentialsfile uses temporaryaws_access_key_idandaws_secret_access_keykeys.Using
AWS_PROFILE=developmentuses another profile as asource_profilecalledbase; thebaseprofile is the one that has the credentials obtained through the gimme-aws-creds CLI tool.Here are some example files:
~/.aws/credentials
~/.aws/config
The following error occurred when trying to create a new file:
Which made no sense because the AWS SDK solved this a while ago. The version of the AWS SDK Sops was using before this PR
v1.23.13is now almost 1 year old.Types of changes
Checklist: