44 "fmt"
55 "log"
66 "os"
7+ "time"
78
89 "github.com/99designs/aws-vault/v7/prompt"
910 "github.com/99designs/aws-vault/v7/vault"
@@ -50,7 +51,8 @@ func ConfigureAddCommand(app *kingpin.Application, a *AwsVault) {
5051}
5152
5253func AddCommand (input AddCommandInput , keyring keyring.Keyring , awsConfigFile * vault.ConfigFile ) error {
53- var accessKeyID , secretKey string
54+ var accessKeyID , secretKey , sessionToken , expiration string
55+ var expires time.Time
5456
5557 p , _ := awsConfigFile .ProfileSection (input .ProfileName )
5658 if p .SourceProfile != "" {
@@ -65,6 +67,18 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
6567 if secretKey = os .Getenv ("AWS_SECRET_ACCESS_KEY" ); secretKey == "" {
6668 return fmt .Errorf ("Missing value for AWS_SECRET_ACCESS_KEY" )
6769 }
70+ if sessionToken = os .Getenv ("AWS_SESSION_TOKEN" ); sessionToken == "" {
71+ return fmt .Errorf ("Missing value for AWS_SESSION_TOKEN" )
72+ }
73+ if expiration = os .Getenv ("EXPIRATION" ); expiration == "" {
74+ return fmt .Errorf ("Missing value for EXPIRATION" )
75+ }
76+
77+ var err error
78+ expires , err = time .Parse (time .RFC3339 , expiration )
79+ if err != nil {
80+ return fmt .Errorf ("Error parsing EXPIRATION: %w" , err )
81+ }
6882 } else {
6983 var err error
7084 if accessKeyID , err = prompt .TerminalPrompt ("Enter Access Key ID: " ); err != nil {
@@ -75,7 +89,7 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
7589 }
7690 }
7791
78- creds := aws.Credentials {AccessKeyID : accessKeyID , SecretAccessKey : secretKey }
92+ creds := aws.Credentials {AccessKeyID : accessKeyID , SecretAccessKey : secretKey , SessionToken : sessionToken , Expires : expires }
7993
8094 ckr := & vault.CredentialKeyring {Keyring : keyring }
8195 if err := ckr .Set (input .ProfileName , creds ); err != nil {
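Review bot: The `aws.Credentials` literal on the last changed line sets `Expires` but not `CanExpire`; assuming `aws` is aws-sdk-go-v2, `Credentials.Expired()` returns false whenever `CanExpire` is unset, so the stored session credentials would never be reported as expired by that check. Derive it from the parsed value: `creds := aws.Credentials{AccessKeyID: accessKeyID, SecretAccessKey: secretKey, SessionToken: sessionToken, CanExpire: !expires.IsZero(), Expires: expires}`, which also keeps the prompt branch (where `expires` stays zero) non-expiring. Separately, the environment branch in the previous hunk now returns an error when `AWS_SESSION_TOKEN` or `EXPIRATION` is empty, so importing long-lived access keys from the environment stops working. Treating both as optional and parsing `EXPIRATION` only when it is set would preserve that path. AddCommand's body starts and continues outside the visible hunks, so how the stored expiry is consumed later should be confirmed.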