aws-vault is a great tool to help with AWS authentication.
Below are some useful tips around it.
aws-vault creates a keychain file at
It sets a 5-minute lock timeout, so you have to re-enter the keychain password quite often.
To see the current setting:
security show-keychain-info "$KEYCHAIN_FILE"
To drop all locking settings (no lock on sleep and no timeout):
security set-keychain-settings "$KEYCHAIN_FILE"
To modify the timeout setting (here to 86400 seconds, i.e. 24 hours):
security set-keychain-settings -u -t 86400 "$KEYCHAIN_FILE"
Note: be careful to specify the file. If you don’t, the command modifies the default keychain, which is usually “login”.
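To confirm which lock settings a keychain ends up with after the commands above, the following added example (not part of aws-vault or the original tips) checks a line of show-keychain-info output against a maximum timeout. The function name check_keychain_info, the 3600-second maximum, the sample paths and the output format described in the comments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: check a keychain's auto-lock settings against a maximum timeout.
# Assumed `security show-keychain-info` output (the tool writes it to stderr):
#   Keychain "<path>" [lock-on-sleep] [use-lock-interval] timeout=<N>s
#   Keychain "<path>" no-timeout

# check_keychain_info LINE MAX_SECONDS   (hypothetical helper)
# Prints findings; returns 0 when a timeout <= MAX_SECONDS is set, 1 otherwise.
check_keychain_info() {
  local rest max rc t
  rest=${1##*\"}   # drop everything up to the closing quote of the path
  max=$2
  rc=0
  case " $rest " in
    *' no-timeout '*)
      echo "FAIL: no timeout, keychain never auto-locks"; rc=1 ;;
    *' timeout='*)
      t=${rest##*timeout=}; t=${t%%s*}
      case $t in
        ''|*[!0-9]*) echo "FAIL: cannot parse timeout"; rc=1 ;;
        *) if [ "$t" -gt "$max" ]; then
             echo "FAIL: timeout ${t}s exceeds maximum ${max}s"; rc=1
           fi ;;
      esac ;;
    *) echo "FAIL: unrecognised output"; rc=1 ;;
  esac
  case " $rest " in
    *' lock-on-sleep '*) ;;
    *) echo "WARN: keychain is not locked when the system sleeps" ;;
  esac
  if [ "$rc" -eq 0 ]; then echo "OK"; fi
  return "$rc"
}

# Constructed sample lines (hypothetical paths), one per setting shown above.
SAMPLE_DEFAULT='Keychain "/Users/alice/Library/Keychains/example.keychain-db" lock-on-sleep timeout=300s'
SAMPLE_DAY='Keychain "/Users/alice/My Keychains/example.keychain-db" timeout=86400s'
SAMPLE_DROPPED='Keychain "/Users/alice/Library/Keychains/example.keychain-db" no-timeout'

# On macOS, check the real file when KEYCHAIN_FILE is set; 2>&1 captures stderr.
if command -v security >/dev/null 2>&1 && [ -n "${KEYCHAIN_FILE:-}" ]; then
  check_keychain_info "$(security show-keychain-info "$KEYCHAIN_FILE" 2>&1)" 3600 || true
fi
```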
When your access key / secret key pair is about to expire, you can rotate it straight from the terminal without logging in to the AWS Console:
aws-vault rotate --no-session <your-email-address>
Note: If your key has already expired, this will not work. You will need to manually delete the key from your Security Credentials section on the AWS Console, create a new secret / key pair, and re-run aws configure with your new key to make it work again.