I have a bit of an odd problem that I need an elegant solution to. I am using a build tool that requires logging in to a service (AWS CodeArtifact specifically). When I login via CLI, it sets an environment variable - let's call this TOKEN
. When I run any build, it requires presence of TOKEN
to authenticate.
Now, after logging in, builds in the same shell work but obviously, builds in new shells (which aren't sub-shells) fail because TOKEN
is of course not defined. I'm looking at ways to solve this; ideally a solution that does something like this:
- Login shell: after logging in, save
TOKEN
in~/.token
- All shells: run something every minute which sets
TOKEN
to the value in~/.token
I have 2 questions:
- Is this the best way - or is there something more elegant?
- If so, what's the best way to do (2) above?
The final catch is that this is something I'll be distributing to end users on their machines, so it would be great if its easily scriptable.
Thanks in advance - stay safe!
When question 2 is answered, the solution for question 1 is simple: Start writing a function that will return the token.
The first implementation will recalculate a fresh token without any caching or sharing.
How often do you need the token? When you don't build every minute, an extra job (cronjob) refreshing the token every minute is not needed. In such a case you can refresh the token before each api-call by calling the function. You do not need to store or share it.
When you do need the TOKEN very often, you can modify the function. Using a file is straight forward, but you can also use another solution like a server (when you want the token available on remote hosts for users who have been identified with some other token).
How to automate the manual process for getting a new token, is the next challenge.
Can you find a method, where you do not need to enter a password (something like using
.aws/config
or (better) assigning the right roles to your server)? Or do you need to script the call withexpect
?The API call get-authorization-token requires the codeartifact:GetAuthorizationToken and sts:GetServiceBearerToken permissions.