Allow to specify a default file for credentials options

[andrewmiskell]

I love the new credentials option, it does make my life a lot easier when using applications like Cyberduck!

However, I know the default is to output to stdin, but would it be possible to be able to specify a default file in the config.yaml so it doesn't have to be specified each time I need to generate credentials for those types of apps (ones that rely on the credentials file to support AWS SSO, like CyberDuck)?

[synfinatic]

Can you explain what limitation Cyberduck has which requires this?

Basically, why are you using insecure hardcoded IAM credentials instead of the dynamic credentials provided via aws-sso config-profiles? If you want it to go to some special file, why not just create an alias or shell script which redirects the output to the appropriate file?

[andrewmiskell]

Unless I'm missing something, Cyberduck doesn't support the method used in the aws-sso config-profiles in order to work (at least I've never been able to get it to work properly).

I've always had to use the aws sso login/aws sts get-caller-identity method described in the Cyberduck documentation in order to make it work.

https://docs.cyberduck.io/protocols/s3/#connecting-using-credentials-from-aws-command-line-interface

[synfinatic]

If people don't use the AWS SDK then things don't work. Nothing I can do there.

I'm still not sure why you can't just use a shell script or alias? Just redirect the output to a file. :)

[synfinatic]

I should ask, have you talked to Cyberduck to see if they can or will support credential_process ?

https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-sourcing-external.html

[andrewmiskell]

There's already a couple of issues created around ease of use with the SSO process, including the credential_process. Unfortunately, doesn't seem to be getting much traction.

https://github.com/iterate-ch/cyberduck/issues/11664

https://github.com/iterate-ch/cyberduck/issues/13377

[synfinatic]

So I still don't understand why you can't just create a shell script or alias to "specify a default file". there are so many configuration options today that I actually feel things are kinda out of hand and this seems to be something that can be handled outside of aws-sso.