Class: AWS.ProcessCredentials

Inherits:

AWS.Credentials

• Object
• AWS.Credentials
• AWS.ProcessCredentials

Defined in:

lib/credentials/process_credentials.js

Overview

Note:

This feature is not supported in the browser environment of the SDK.

Represents credentials loaded from shared credentials file (defaulting to ~/.aws/credentials or defined by the AWS_SHARED_CREDENTIALS_FILE environment variable).

Using process credentials

The credentials file can specify a credential provider that executes a given process and attempts to read its stdout to recieve a JSON payload containing the credentials:

[default]
credential_process = /usr/bin/credential_proc

Automatically handles refreshing credentials if an Expiration time is provided in the credentials payload. Credentials supplied in the same profile will take precedence over the credential_process.

Sourcing credentials from an external process can potentially be dangerous, so proceed with caution. Other credential providers should be preferred if at all possible. If using this option, you should make sure that the shared credentials file is as locked down as possible using security best practices for your operating system.

Using custom profiles

The SDK supports loading credentials for separate profiles. This can be done in two ways:

1. Set the AWS_PROFILE environment variable in your process prior to loading the SDK.
2. Directly load the AWS.ProcessCredentials provider:

var creds = new AWS.ProcessCredentials({profile: 'myprofile'});
AWS.config.credentials = creds;

Constructor Summary

• new AWS.ProcessCredentials(options) ⇒ void constructor

  Creates a new ProcessCredentials object.

Property Summary

Properties inherited from AWS.Credentials

expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow

Method Summary

• refresh(callback) ⇒ void

  Loads the credentials from the credential process.

Methods inherited from AWS.Credentials

needsRefresh, get, getPromise, refreshPromise

Constructor Details

new AWS.ProcessCredentials(options) ⇒ void

Creates a new ProcessCredentials object.

Parameters:

• options (map) —

  a set of options

Options Hash (options):

• profile (String) — default: AWS_PROFILE env var or 'default' —

  the name of the profile to load.

• filename (String) — default: '~/.aws/credentials' or defined by AWS_SHARED_CREDENTIALS_FILE process env var —

  the filename to use when loading credentials.

• callback (Function) — default: err —

  Credentials are eagerly loaded by the constructor. When the callback is called with no error, the credentials have been loaded successfully.

Method Details

refresh(callback) ⇒ void

Loads the credentials from the credential process

Callback (callback):

• function(err) { ... }

  Called after the credential process has been executed. When this callback is called with no error, it means that the credentials information has been loaded into the object (as the accessKeyId, secretAccessKey, and sessionToken properties).

  Parameters:

  • err (Error) —

    if an error occurred, this value will be filled

See Also:

• AWS.ProcessCredentials.get