one time pass as argument?

[tamis-laan]

I would like to do:

aws-mfa --one-time-pass 123456

Is this possible?

[hoto]

That would be super useful for scripting login to AWS with passwords managers. Using an environment variable would be ok as well.

For now you could always grab the TOTP to clipboard and paste it when aws-mfa ask: e.g. with 1password cli:

awsmfa='op item get q4myjst4inexxxx6dmyr2ey --field type=otp --format json | jq -r .totp | pbcopy && aws-mfa --profile prod --force'

[osiegmar]

I just noticed that this functionality was actually implemented by https://github.com/broamski/aws-mfa/commit/5334deb170204c14922b25b22617c2b1e909d0f6 four years ago (2018-05-15) but never released.

This makes it very simple to use aws-mfa together with 1Password-CLI:

aws-mfa --force --token $(op item get <item id> --otp)

@broamski Could you release a 0.0.13 please?

Maybe AgileBits wants to update https://blog.1password.com/1password-cli-2_0/ then in order to enhance security by using aws-mfa! ;-)