miquella / vaulted

Spawning and storage of secure environments
MIT License

User-friendly handling of expired sessions #134

Open holyjak opened 5 years ago

holyjak commented 5 years ago

I often have the shell open for quite a while, e.g. while developing my Terraform setup and running commands against AWS. Then suddenly they start to timeout / fail in weird ways and I have to remember that the token has likely expired and to quit & restart vaulted. The main pain point here is the realization that the session has expired.

Possible solutions:

  1. Vaulted automatically detects that the token has expired and prints a warning about it
  2. As 1. but vaulted does also exit the current shell so that it is ready to be started again
  3. As 1. but provide a command to refresh the session (ask for psw, MFA token again if necessary, replace the AWS env vars with new ones)
  4. Perhaps refresh the session automatically?
  5. ...

What do you think?

(Perhaps somewhat related to #107 ?)

tthayer commented 3 years ago

I run into this issue multiple times a day and there are a couple of things to note.

  1. Vaulted just runs and spawns the shell and then is done.
  2. In order for it to detect anything you would need to keep a background process running that is aware of the sessions that are open.
  3. You can't request a new token from a spawned session.
  4. The background service would need to reach into a spawned session in order to request a new MFA token or vaulted would have to have support built-in for various MFA solutions to automatically pull a token value.

These are all really huge problems to solve for something that is fairly straightforward and quite good at what it does. I use a shell plugin to report back how much time is left in my session and it does a pretty good job of keeping me from running commands that I know are going to fail. Green means go(ish) and red means stop, exit, vaulted shell blahblah, etc:

# zsh prompt segment (uses the agnoster-style theme helpers prompt_segment/prompt_end)
# showing the vaulted session name and the minutes left until it expires.
function vaulted_prompt_info() {
  local vaulted_env="$VAULTED_ENV"
  local bg_color="green"

  if [[ -n $vaulted_env ]]; then
    # datediff (dateutils) prints the difference in whole minutes;
    # a negative value means the session has already expired
    local ttl
    ttl=$(datediff now "$VAULTED_ENV_EXPIRATION" -f '%M')
    [[ $ttl -lt 0 ]] && bg_color="red"
    prompt_segment "$bg_color" black "(vs: ${vaulted_env} ${ttl})"
    prompt_end
  fi
}
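Added example, not vaulted's own code and not tthayer's plugin: a POSIX sh take on the same in-session check, covering holyjak's option 1 (detect the expired token and warn) and tthayer's prompt approach without the background process tthayer describes, because it reads only the VAULTED_ENV and VAULTED_ENV_EXPIRATION variables the spawned session already exports. It cannot refresh the session (tthayer's point 3 still holds); it makes the expired state visible in the prompt and refuses to start aws/terraform once the session is gone. Everything here is assumed for illustration: that VAULTED_ENV_EXPIRATION is a UTC RFC 3339 timestamp such as 2019-06-01T14:30:00Z, the 5-minute warning threshold, and all function names. The timestamp is converted with shell arithmetic so the snippet behaves the same with GNU and BSD date and needs no dateutils.

```shell
#!/bin/sh
# Example code (not from the vaulted project). Assumes VAULTED_ENV_EXPIRATION
# is a UTC RFC 3339 timestamp, e.g. 2019-06-01T14:30:00Z.

# UTC YYYY-MM-DDTHH:MM:SSZ -> seconds since the epoch, using the
# days-from-civil algorithm in plain shell arithmetic.
# Returns 1 on a malformed timestamp.
rfc3339_to_epoch() {
  local ts y m d H M S r yy era yoe doy doe days
  ts=$1
  case "$ts" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z) ;;
    *) return 1 ;;
  esac
  y=${ts%%-*}; r=${ts#*-}
  m=${r%%-*};  r=${r#*-}
  d=${r%%T*};  r=${r#*T}
  H=${r%%:*};  r=${r#*:}
  M=${r%%:*};  S=${r#*:}; S=${S%Z}
  # drop one leading zero so "08"/"09" are not read as invalid octal
  m=${m#0}; d=${d#0}; H=${H#0}; M=${M#0}; S=${S#0}
  yy=$(( m <= 2 ? y - 1 : y ))
  era=$(( (yy >= 0 ? yy : yy - 399) / 400 ))
  yoe=$(( yy - era * 400 ))
  doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
  doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
  days=$(( era * 146097 + doe - 719468 ))
  printf '%s\n' $(( days * 86400 + H * 3600 + M * 60 + S ))
}

# Seconds left in the session for a given "now" (epoch seconds);
# negative once the session has expired.
vaulted_ttl_seconds() {
  local exp_epoch
  exp_epoch=$(rfc3339_to_epoch "$1") || return 1
  printf '%s\n' $(( exp_epoch - $2 ))
}

# Classify the remaining time. The 5-minute "expiring" threshold is an
# arbitrary choice for this example.
vaulted_session_state() {
  if [ "$1" -le 0 ]; then printf 'expired\n'
  elif [ "$1" -lt 300 ]; then printf 'expiring\n'
  else printf 'ok\n'
  fi
}

# Prompt fragment "(vs: NAME STATE MINUTESm)", empty outside a vaulted shell.
# Takes an optional "now" argument so it can be exercised deterministically.
vaulted_status() {
  local now ttl state
  [ -n "${VAULTED_ENV:-}" ] || return 0
  now=${1:-$(date -u +%s)}
  if ! ttl=$(vaulted_ttl_seconds "${VAULTED_ENV_EXPIRATION:-}" "$now"); then
    printf '(vs: %s unknown)\n' "$VAULTED_ENV"; return 0
  fi
  state=$(vaulted_session_state "$ttl")
  printf '(vs: %s %s %dm)\n' "$VAULTED_ENV" "$state" $(( ttl / 60 ))
}

# Wrapper for the commands that need the credentials: refuse to start them
# once the session is expired instead of letting them time out. An unparseable
# expiry is treated as expired (fail closed).
# Usage: alias aws='vaulted_guard aws'; alias terraform='vaulted_guard terraform'
vaulted_guard() {
  local ttl
  if [ -n "${VAULTED_ENV:-}" ]; then
    ttl=$(vaulted_ttl_seconds "${VAULTED_ENV_EXPIRATION:-}" "$(date -u +%s)") || ttl=0
    if [ "$(vaulted_session_state "$ttl")" = expired ]; then
      printf "vaulted session '%s' has expired; exit this shell and run 'vaulted shell %s' again\n" \
        "$VAULTED_ENV" "$VAULTED_ENV" >&2
      return 1
    fi
  fi
  "$@"
}
```

Source the file from the shell rc, put `$(vaulted_status)` in PS1 (or in the theme's segment function, as in the plugin above), and alias the credential-consuming commands through vaulted_guard; the guard turns the "weird" timeouts holyjak describes into an immediate, explicit message.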