recommend the use of sdk credential file

Per @kimpepper's recommendation, recommend the use of the standard AWS SDK credential file in our documentation and missing_credentials error message. Fix #14.
WhoopInc · Apr 30, 2015 · 45270ab · 45270ab
1 parent a82c72c
commit 45270ab
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Unreleased
+
+**Unknown**
+
+Enhancements:
+
+* recommend the use of the AWS SDK's centralized credential file [#14]
+
+Thanks, [@kimpepper][kimpepper]!
+
 ## 1.0.3
 
 **10 March 2015**
@@ -72,7 +82,9 @@ Enhancements:
 [#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
 [#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9
 [#11]: https://github.com/WhoopInc/vagrant-s3auth/pull/11
+[#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
 
 [andres-rojas]: https://github.com/andres-rojas
+[kimpepper]: https://github.com/kimpepper
 
 [vagrant-aws]: https://github.com/mitchellh/vagrant-aws
diff --git a/README.md b/README.md
@@ -51,13 +51,33 @@ end
 AWS credentials are read from the standard environment variables
 `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
 
-If you need to obtain credentials from elsewhere, drop a block like the
-following at the top of your Vagrantfile:
+You may find it more convenient to use the
+[centralized credential file][aws-cred-file] to create a credential
+profile. Select the appropriate profile using the `AWS_PROFILE`
+environment variable. For example:
+
+```ini
+# ~/.aws/credentials
+
+[vagrant-s3auth]
+aws_access_key_id = AKIAJMEF2VEAT6AXOJZQ
+aws_secret_access_key = WkNzH66zoOMTg4q+9eQ6Sf76ehcBrWegj1hjwkey
+```
+
+```ruby
+# Vagrantfile
+
+ENV['AWS_PROFILE'] = 'vagrant-s3auth'
+
+Vagrant.configure("2") { |config| ... }
+```
+
+Alternatively, you can write some Ruby to set the access key directly:
 
 ```ruby
-creds = File.read(File.expand_path('~/.company-aws-creds')).lines
-ENV['AWS_ACCESS_KEY_ID']     = creds[0].chomp
-ENV['AWS_SECRET_ACCESS_KEY'] = creds[1].chomp
+access_key, secret_key = whizbang_inc_api.fetch_api_creds()
+ENV['AWS_ACCESS_KEY_ID']     = access_key
+ENV['AWS_SECRET_ACCESS_KEY'] = secret_key
 ```
 
 ##### IAM configuration
@@ -223,6 +243,7 @@ end
 ```
 
 [aws-403-404]: https://forums.aws.amazon.com/thread.jspa?threadID=56531#jive-message-210346
+[aws-cred-file]: http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
 [aws-s3-iam]: http://blogs.aws.amazon.com/security/post/Tx3VRSWZ6B3SHAV/Writing-IAM-Policies-How-to-grant-access-to-an-Amazon-S3-bucket
 [aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
 [aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html

diff --git a/locales/en.yml b/locales/en.yml
@@ -2,14 +2,20 @@ en:
   vagrant_s3auth:
     errors:
       missing_credentials: |-
-        Unable to read AWS credentials from the environment.
+        Unable to find AWS credentials.
 
         Ensure the following variables are set in your environment, or set
         them at the top of your Vagrantfile:
 
             AWS_ACCESS_KEY_ID
             AWS_SECRET_ACCESS_KEY
 
+        Alternatively, you can create a credential profile and set the
+
+            AWS_PROFILE
+
+        environment variable. Consult the documentation for details.
+
       malformed_shorthand_url: |-
         Malformed shorthand S3 box URL: