Kion CLI v0.2.0
Caching and AWS credential_process support has been added to the Kion CLI! See the AWS docs HERE for more information as well as the README.md document in this repo for examples on how to use Kion CLI as a credential provider.
Kion CLI will now use cached STAKs by default to improve performance and reduce the number of calls to Kion. STAKs will be considered as valid for 15 minutes unless Kion reports back a longer STAK duration. Note that Kion is expected to start returning the duration of a STAK along with the STAK itself starting on versions 3.6.29, 3.7.19, 3.8.13, and 3.9.5.
The cache will be stored in the system's keychain, and depending on your operating system, you may be prompted to allow Kion CLI to access the cache entry on your first run.
Cached STAKs will be used by default unless:
- Caching is disabled via the
--disable-cacheglobal flag - Caching is disabled in the
~/.kion.ymlconfiguration file by settingkion.disable_cache: true - The credential has less than 5 seconds left and Kion CLI is being used as an AWS credential provider
- The credential has less than 5 seconds left and Kion CLI is being used to run an ad hoc command
- The credential has less than 5 minutes left and Kion CLI is being used to print keys
- The credential has less than 5 minutes left and Kion CLI is being used to create an authenticated subshell
- The credential has less than 10 minutes left and Kion CLI is being used to create an AWS configuration profile
Lastly, the following environment variables will no longer be set when using the run command to execute ad hoc commands:
KION_ACCOUNT_NUM
KION_ACCOUNT_ALIAS
KION_CARAdded
- Support to use Kion CLI as a credential process subsystem for AWS profiles [/pull/38]
- Add caching for faster operations [/pull/38]
- SAML tokens are now cached for 9.5 minutes [/pull/39]
Changed
- Kion session data has moved from the
~/.kion.ymlconfiguration file to the cache [/pull/39]
Removed
KION_*env variables removed from subshell environments when using theruncommand [/pull/38]