AWS Session Token is not imported or exported

davideclayton
davideclayton
Community Member
in CLI

In the documentation (https://developer.1password.com/docs/cli/shell-plugins/aws) is stated:

1Password CLI will then set the AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID and AWS_SESSION_TOKEN provisional environment variables to specify the temporary multi-factor authentication session values.

I'm using the CLI with AWS plugin:

➜ op --version
2.26.1

➜ aws --version
aws-cli/2.15.32 Python/3.11.8 Darwin/23.4.0 source/arm64 prompt/off

I added to ~/.aws/credentials a new record with AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID and AWS_SESSION_TOKEN then when I run op plugin init aws I can import this new record but the AWS_SESSION_TOKEN is ignored.

I tried adding the AWS_SESSION_TOKEN manually in the new vault item but does not work.

I know that the AWS_SESSION_TOKEN is the problem because if I export it manually in the terminal session then aws commands are successful.

What am I missing?

1Password Version: 8.10.28 (81028034)
Extension Version: 2.21.0
OS Version: Not Provided
Browser: Chrome

Comments

  • jerdew
    jerdew
    Community Member

    This is also a problem I am having. I followed https://developer.1password.com/docs/cli/shell-plugins/aws and I tried the recommended aws s3 ls and was told:

    An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records.

    If I export as env vars, it works.

This discussion has been closed.