mirri
v1.2.23
Published
Toolkit for automatically rotating aws IAM access keys.
Downloads
32
Readme
Mirri.js
Javascript based toolkit for automatically rotating aws IAM access keys in the AWS Credentials File. Mirri attempts to swap out AWS IAM Keys. It does this by:
- Determining the current user and profile being used.
- Creating a new IAM access key for this user.
- Downloading the access key.
- Updating the profile's credentials by overwriting the existing access key in the credentials file.
- Marking the original access key as invalid in aws IAM.
Usage
Rotate
Rotate the access key associated with the profile. Forcing a rotation, will automatically detect and delete extra unused keys. If force is not specified rotate will fail if there are two keys in use.
mirri rotate [--force] [profile name]
Schedule auto rotate
Rotate the access key associated with the profile on a schedule. The default is weekly rotate. Frequency is a crontab frequency. You must have mirri
and node
on your path for default scheduling to work. If using
cron this means having something like this PATH=/home/USER/.nvm/versions/node/v8.4.0/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
specified. Cron uses a reduced path. If you don't
wish to specify a path in your crontab instead pass -p
as an option.
Options:
-p --path
: register mirri with the full path to the executable. This is important if your scheduling system does not contain your node modules in the path.
mirri schedule [options] [profile name] [frequency]
Cleanup
AWS only allows two access key per IAM user. If there are already two, only one of them is being used. Cleanup will delete the other key, so that a new one can be created.
mirri cleanup [profile name]
Caveats
Since most OS sandbox script execution environment variables cannot be changed with mirri. (For further information see #1)