Skip to content

Latest commit

 

History

History
39 lines (30 loc) · 2.14 KB

README.md

File metadata and controls

39 lines (30 loc) · 2.14 KB

Mirri.js

Javascript based toolkit for automatically rotating aws IAM access keys in the AWS Credentials File. Mirri attempts to swap out AWS IAM Keys. It does this by:

  • Determining the current user and profile being used.
  • Creating a new IAM access key for this user.
  • Downloading the access key.
  • Updating the profile's credentials by overwriting the existing access key in the credentials file.
  • Marking the original access key as invalid in aws IAM.

npm version Build Status

Usage

Rotate

Rotate the access key associated with the profile. Forcing a rotation, will automatically detect and delete extra unused keys. If force is not specified rotate will fail if there are two keys in use.

    mirri rotate [--force] [profile name]

Schedule auto rotate

Rotate the access key associated with the profile on a schedule. The default is weekly rotate. Frequency is a crontab frequency. You must have mirri and node on your path for default scheduling to work. If using cron this means having something like this PATH=/home/USER/.nvm/versions/node/v8.4.0/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin specified. Cron uses a reduced path. If you don't wish to specify a path in your crontab instead pass -p as an option. Options:

  • -p --path: register mirri with the full path to the executable. This is important if your scheduling system does not contain your node modules in the path.
    mirri schedule [options] [profile name] [frequency]

Cleanup

AWS only allows two access key per IAM user. If there are already two, only one of them is being used. Cleanup will delete the other key, so that a new one can be created.

    mirri cleanup [profile name]

Caveats

Since most OS sandbox script execution environment variables cannot be changed with mirri. (For further information see #1)