tokendito 2.0.0

Get AWS STS tokens from Okta SSO

Generate temporary AWS credentials via Okta.

Use tokendito to generate temporary AWS credentials via Okta for programmatic authentication to AWS. Tokendito signs you into Okta and uses your existing AWS integration to broker a SAML assertion into your AWS accounts, returning STS tokens into your local ~/.aws/credentials file.

What's new

With the release of tokendito 2.0, many changes and fixes were introduced. It is a breaking release: your configuration needs to be updated, the command line arguments have changed, and support for python < 3.7 has been removed. The following changes are part of this release:

• Set the config file to be platform dependent, and follow the XDG standard.
• Extend configuration capabilities.
• Modernize output.
• Change the MFA method from strict match to partial match.
• Mask secrets from output logs.
• Automatically discover AWS URLs.
• Fix authentication with DUO.
• Add support for setting the logging level via both the INI file and ENV vars.
• Add support for Python 3.9 and 3.10.
• And many fixes.

Consult additional notes for how to use tokendito.

Requirements

• Python 3.7+
• AWS account(s) federated with Okta

Tokendito is compatible with Python 3 and can be installed with either pip or pip3.

Getting started

1. Install (via PyPi): pip install tokendito
2. Run tokendito --configure.
3. Run tokendito.

NOTE: Advanced users may shorten the tokendito interaction to a single command.

Have multiple Okta tiles to switch between? View our multi-tile guide.

Tips, tricks, troubleshooting, examples, and more docs are here! Also, contributions are welcome!