Javascript based toolkit for automatically rotating aws IAM access keys in the AWS Credentials File. Mirri attempts to swap out AWS IAM Keys. It does this by:
- Determining the current user and profile being used.
- Creating a new IAM access key for this user.
- Downloading the access key.
- Updating the profile's credentials by overwriting the existing access key in the credentials file.
- Marking the original access key as invalid in aws IAM.
Rotate the access key associated with the profile. Forcing a rotation, will automatically detect and delete extra unused keys. If force is not specified rotate will fail if there are two keys in use.
mirri rotate [--force] [profile name]Rotate the access key associated with the profile on a schedule. The default is weekly rotate. Frequency is a crontab frequency. You must have mirri and node on your path for default scheduling to work. If using
cron this means having something like this PATH=/home/USER/.nvm/versions/node/v8.4.0/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin specified. Cron uses a reduced path. If you don't
wish to specify a path in your crontab instead pass -p as an option.
Options:
-p --path: register mirri with the full path to the executable. This is important if your scheduling system does not contain your node modules in the path.
mirri schedule [options] [profile name] [frequency]AWS only allows two access key per IAM user. If there are already two, only one of them is being used. Cleanup will delete the other key, so that a new one can be created.
mirri cleanup [profile name]Since most OS sandbox script execution environment variables cannot be changed with mirri. (For further information see #1)