creds-to-env 1.0.0

Maps AWS Credentials to Docker Environment File

Creds To Env

creds-to-env is a CLI that maps AWS credentials (typically but not necessarily generated by gimme-aws-creds) to an environment file that can be passed to an AWS docker container using the --env-file flag.

When sending environment variables to docker containers, docker expects each line of the file to be in the format of VAR=VAL, but gimme-aws-creds writes the resulting credentials file with lower-case keys and spaces around the equal signs that delimit key/value pairs, both of which will result in different errors when passing the credentials file as an environment file to the docker container.

Problem Example

Assuming you have run gimme-aws-creds, and assuming your AWS credentials are in the default location of ~/.aws/credentials, and you wanted to run the local Step Functions container from AWS with the following command:

docker run -p 8083:8083 --env-file ~/.aws/credentials amazon/aws-stepfunctions-local

The following error would occur due to the whitespace around the equal sign:

docker: poorly formatted environment: variable 'aws_access_key_id ' contains whitespaces.
See 'docker run --help'.

If we remove the spaces around the equal sign on each line of the credentials file, running the same docker command gives us the next error:

Step Functions Local
Version: 1.8.1
Build: 2022-02-08
2022-03-10 23:49:49.620: Failed to load credentials from environment because Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
2022-03-10 23:49:49.664: Failed to load credentials from profile: default because profile file cannot be null
2022-03-10 23:49:49.664: Failed to load credentials from system properties because Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey)
2022-03-10 23:49:49.664: Failed to load credentials, default to dummy credentials, so any connection to AWS services will not work, connections to local endpoints are not affected.

Which indicates that the key/value pairs are not being recognized by the step functions process in the docker container. If we change the keys to be upper case and run the docker command again, the credentials are recognized and the container starts without issue.

Hard coding a persistent file for credentials won't work, as the key/value pairs will change each time gimme-aws-creds is run.

Prerequisites

Python 3.6+

Optional

Gimme-aws-creds can be used to initially create the credenttials file.

Installattion

This is a Python3 project. Install/upgrade from PyPi.

pip3 install --upgrade creds-to-env

Usage

This package will read in the data from the credentials file, transform it into the format the docker container is expecting, and write the transformed data out to a new file, which can then be used to pass in to the docker container, leaving the existing credentials in place and unmodified.

While no parameters are required, both the input file and output file can be specified as command line parameters. The input file must exist and the output folder must exist.

• -i, --input specifices the path to the input file, defaults to ~/.aws/credentials

• -o, --output specifieds the path to the output file, defaults to ~/.aws/credentials.env

If an input file is provided but an output file is not, the output file will automatically default to the same name as the input file with the extensions replace with .env.

License

Creds To Env is released under the MIT License.