Logsmith is a desktop trayicon to:
- assume your favorite aws roles, and
- login & configure your gcloud config
“Who are you and how did you get in here?” -
”I'm a locksmith and i'm a locksmith”
- Police Squad! (1982)
- switch profiles
- switch regions
- keeps you logged in
- removes unused profiles
- icon will change color. You see which profiles you are using
- set and rotate access key
- fetches mfa token for you
- has a graphical user interface and a cli
The config will be stored in ${HOME}/.logsmith/accounts.yaml and should look like this:
productive:
team: team1
region: eu-central-1
color: '#388E3C'
profiles:
- profile: nonlive
account: '123456789123'
role: developer
default: true
- profile: live
account: '123456789123'
role: developer
# for google cloud:
# - gcp project is the profile group name
# - region and type are mandatory
# - profiles section is no longer needed
gcp-project-dev:
color: '#FF0000'
team: team2
region: europe-west1
type: gcp
gcp-project-prd:
color: '#388E3C'
team: team2
region: europe-west1
type: gcpIf you have account ids with leading zeros, please make sure to put them in quotes.
Click on the project that you want to use, this will trigger the typical login flow for user and application credentials using browser.
If you have multiple browser profiles, please select the correct active browser.
The login flow will be automatically stopped after 60 seconds of inactivity or not completion.
It will trigger the login flow again after 8 hours.
You may add a "source" profile which will be used to assume a given role.
This is useful when your want to assume specific service roles, but can not do so from your user directly.
productive:
team: team1
region: eu-central-1
color: '#388E3C'
profiles:
- profile: developer
account: '123456789123'
role: developer-role
- profile: service
account: '123456789123'
role: service-role
source: developerIn this example, logsmith will first assume the role 'developer-role', write the credentials in profile 'developer' and the uses the said profile to assume the role 'service-role'.
Please keep in mind that the roles will be assumed in the given order.
Please use the dialog option provided by logsmith to set your access key or save it in .aws/credentials
under the profile name access-key.
[access-key]
aws_access_key_id = blablubb
aws_secret_access_key = supersecret
Logsmith will use the .aws/config to set your region independent of your credentials in .aws/credentials.
[profile nonlive]
region = eu-central-1
output = json
The region in your config will be used if you don't specify a region in your aws cli call or set AWS_REGION environment variable.
Logsmith can fetch mfa tokens from your yubikey if you have a suitable cli tool installed.
For example:
- ykman (mac)
- yubioath (linux)
On the logsmith config dialog, you can specify the appropriate command to fetch the token. Your command should return the 6 digit code. Please also keep in mind that you might have to provide the whole path/command.
Example:
/usr/local/bin/ykman oath code | awk 'NF>1{print $NF}' .
Logsmith will write the active profile group to ${HOME}/.logsmith/active_group. This could be used to include the current profile group in your shell prompt.
Example:
some_directory [master] (production) %If you provide one of the following parameter logsmith will automatically start in cli mode:
--list lists profile groups
--login LOGIN Login with group
--logout Remove profiles
--region REGION Overwrite region to login to
--set-access-key set access key
--rotate-access-key rotate access key
-o --oneshot exit after loginExample to login with cli mode:
./logsmith --login team1If you want to build a binary, please use the following steps:
./setup.sh
./package.shThe binary will be in dist.
For mac, just drop the dist/logsmith.app in your application directory.
This icon was provided by game-icons.net and was made by Lorc under CC BY 3.0
The icons in app/assets were provided by material.io and are licenced under Apache license version 2.0.
logsmith is currently in active development and welcomes code improvements, bug fixes, suggestions and feature requests.
For those of your interested, providing documentation to other parties is equally welcome.
Please document all notable changes to this project in the provided changelog under 'Unreleased' with usage of the provided format and categories.
Note that this project adheres to Semantic Versioning.
To create a new release, please use the following steps:
- update the CHANGELOG.md with the changes that will be in the release. Please use the provided format and categories to choose the new version number.
- update the version number in
app/__version__.py. - create a commit with the new version number as commit message which includes the changes mentioned above.
- tag the commit with the new version number.
- Use the github action to create a release.
- Update the release description with the changes from the CHANGELOG.md.
- Publish the release.
If a release is broken or contains security issues of any kind, it should be yanked.
If you want to yank a release, please use the following steps:
- update the release version to
yanked-<version>. - update github release name accordingly and delete the all uploaded files.
- update CHANGELOG.md accordingly and if possible, provide a reason.
- update commit tag accordingly.
Distributed under Apache License 2.0