
pspot5

Hi,

thanks a lot for this, a really nice and modern feature.

I noticed that some important pieces are missing:

1) There is no possibility to choose the profile name. Looks like by default the [default] profile is read. In reality people would probably have several profiles in their .aws\credentials and the default profile would probably not be the one they'd want to use for WinSCP.

2) Not strictly related to AWS authentication, but related to S3: I haven't found a way to configure a KMS key for encrypting uploaded objects. Nowadays modern S3 security policies prohibit the upload of any unencrypted objects, meaning that, for example, with AWS CLI you need to add the following parameters to your 'aws s3 cp' command: '--sse aws:kms --sse-kms-key-id "alias/my-key-alias"'

Cheers
martin

christoph.gysin wrote:

The current implementation requires checking the box: "Read credentials from AWS CLI configuration". I wonder if that is needed? A nicer user experience would be to search for the credentials in the order:
...

Imo, the current behaviour goes better with the GUI interface.
Let's see what others think.

christoph.gysin wrote:

Is there a way to use this feature in the automation interface (/script=script.txt)? Even with credentials in the environment, I still get prompted for access key and secret.

Use S3CredentialsEnv raw session settings:
open s3://s3.amazonaws.com/ -rawsettings S3CredentialsEnv=on


christoph.gysin wrote:

Just for my curiosity, may I ask why you are using a fork of libs3 over the official AWS SDK? The license? Or the size?

It's been a long time since I made the decision. But I believe it was the size and the dependencies.
christoph.gysin

Thanks for sending me the development version.

It seems to work great in the GUI. I use aws-vault to load the credentials into the environment. The current implementation requires checking the box: "Read credentials from AWS CLI configuration". I wonder if that is needed? A nicer user experience would be to search for the credentials in the order:

  • session configuration
  • environment variables
  • AWS configuration files
  • prompt for user input

Is there a way to use this feature in the automation interface (/script=script.txt)? Even with credentials in the environment, I still get prompted for access key and secret. Ideally this would also support searching for credentials in the order:

  • s3 URL (s3://accesskey:secret/s3.amazonaws.com/bucketname/)
  • environment variables
  • AWS configuration files
  • prompt for user input

This would be in line with how the AWS SDK behaves. Just for my curiosity, may I ask why you are using a fork of libs3 over the official AWS SDK? The license? Or the size?

Thanks, and keep up the good work!
martin

No, it's not in 5.18.3. I've sent you the development version.
christoph.gysin

I'm also interested in this feature. Is this in 5.18.3-RC? If not, I would love to test a development version with this commit.
lewellej

Re: S3 - Use credentials from environment variables

I would strongly request this. I used WinSCP for years, but had to switch to Cyberduck when our company went to this scheme for AWS credentials. I don't like Cyberduck as well, but it does support this.
If you do implement this, best to have some kind of "Refresh" (credentials) button available, as the session token for us expires after 12 hours. Hopefully we could continue to use the same WinSCP session beyond the life of one token, rather than having to close/restart.
martin

Re: S3 - Use credentials from environment variables

geo590 wrote:

The AWS CLI stores user credentials in a file and it would be ideal if that same file could be used to authenticate to S3 in WinSCP.

Thanks for this suggestion too. We will see what other users prefer.
geo590

Re: S3 - Use credentials from environment variables

The AWS CLI stores user credentials in a file and it would be ideal if that same file could be used to authenticate to S3 in WinSCP.

The file is located at C:\Users\<Username>\.aws\credentials. Here's a link to the documentation:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

The file is plain text and contains the access key, secret access key, and session token (only needed for temporary credentials). You can have 1 or more profiles in the file identified by a name enclosed in []. See example below.

It would be awesome to have an option to just enter the profile name (i.e. abc) in the S3 settings that will reference the corresponding keys in the credential file.

Thanks for your consideration!
[default]
aws_access_key_id=xxx
aws_secret_access_key=xxx
 
[abc]
aws_access_key_id=xxx
aws_secret_access_key=xxx
aws_session_token="xxx"
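
An added example, not part of the original posts and not WinSCP's own code: a minimal Python resolver that combines the named-profile credentials file described in this post with the lookup order proposed elsewhere in the thread (session configuration, environment variables, AWS configuration file, then prompt). The function names, the `SAMPLE_FILE` contents and the quote-stripping behaviour are assumptions of this example.

```python
import configparser
import os
from dataclasses import dataclass
from typing import Mapping, Optional

# Constructed sample in the layout of the credentials file quoted above.
SAMPLE_FILE = '''[default]
aws_access_key_id=AKIADEFAULTEXAMPLE
aws_secret_access_key=default-secret
[abc]
aws_access_key_id=ASIAABCEXAMPLE
aws_secret_access_key=abc-secret
aws_session_token="abc-token"
'''

@dataclass(frozen=True)
class Credentials:
    access_key: str
    secret_key: str
    session_token: Optional[str]
    source: str  # where the keys were found, useful for audit logs

    def __repr__(self) -> str:  # keep secret and token out of logs
        return f"Credentials(access_key={self.access_key[:4]}..., source={self.source})"

def _clean(value: Optional[str]) -> Optional[str]:
    # Choice made for this example: accept values wrapped in double quotes,
    # as the aws_session_token line in the quoted sample is.
    return (value.strip().strip('"') or None) if value else None

def resolve(explicit: Optional[Mapping[str, str]] = None,
            env: Mapping[str, str] = os.environ,
            path: Optional[str] = None, profile: str = "default") -> Optional[Credentials]:
    """Return the first complete key pair found; None means prompt the user."""
    if explicit and explicit.get("access_key") and explicit.get("secret_key"):
        return Credentials(explicit["access_key"], explicit["secret_key"],
                           explicit.get("session_token"), "session")
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return Credentials(env["AWS_ACCESS_KEY_ID"], env["AWS_SECRET_ACCESS_KEY"],
                           env.get("AWS_SESSION_TOKEN") or None, "environment")
    parser = configparser.RawConfigParser()
    parser.read(path or os.path.join(os.path.expanduser("~"), ".aws", "credentials"))
    if parser.has_section(profile):  # a missing file simply yields no sections
        section = parser[profile]
        key = _clean(section.get("aws_access_key_id"))
        secret = _clean(section.get("aws_secret_access_key"))
        if key and secret:
            return Credentials(key, secret, _clean(section.get("aws_session_token")),
                               f"file:{profile}")
    return None
```

Recording `source` alongside the keys makes it visible which of the four places actually supplied the credentials, which matters when a long-lived key in the file silently shadows or is shadowed by a temporary one in the environment.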
martin

Re: S3 - Use credentials from environment variables

Thanks for your suggestion.
We will see if more people ask for this.
ed

S3 - Use credentials from environment variables

Rather than rely on hardcoded credentials, it would be excellent if WinSCP supported credentials stored in the default AWS environment variables:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY