When you create a new MFA device, you can store its secret key in an encrypted file with the following command. Paste the secret key that the AWS web console shows when you create a new virtual MFA device.
```sh
gpg --armor -e > ~/.aws/<mfa-name>.mfa.asc
```
The following snippet gives you easy access to these MFA devices from the shell (make sure you have oathtool installed). To get a code, just run mfa <profile> and enter your passphrase.
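```zsh
# Decrypt the stored MFA secret and copy the current TOTP code to the clipboard.
# AWS_HOME must point at the directory holding the *.mfa.asc files.
function mfa {
  if [[ -z "$1" ]]; then
    echo "usage: mfa <profile.name>"
    return 1   # 'exit' here would close the interactive shell
  else
    local totpkey   # keep the secret out of the shell's global variables
    totpkey=$(gpg -d "$AWS_HOME/$1.mfa.asc") || return 1
    oathtool --totp --base32 "$totpkey" | pbcopy
  fi
}

# Completion helper: list the profile names that have an encrypted secret.
function aws_mfadevices {
  reply=($(find $AWS_HOME -name \*.mfa.asc | xargs basename -s .mfa.asc))
}
compctl -K aws_mfadevices mfa
```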
pbcopy copies the 6-digit number directly to the clipboard on Macs. On Linux you might have to tweak that a little to suit your needs.
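One way to make the clipboard step portable, as an added example that is not part of the original post: the hypothetical helpers `clip_tool`, `to_clipboard` and `copy_code` pick whichever clipboard tool is installed and refuse to copy anything that is not a 6-digit code, so a failed decryption does not overwrite the clipboard. The choice of `wl-copy`, `xclip` and `xsel` as Linux candidates is an assumption.

```shell
# Added example, not from the original post. Runs in sh, bash and zsh.

# Print the name of the first usable clipboard tool, or fail if none is found.
clip_tool() {
  if command -v pbcopy >/dev/null 2>&1; then
    echo pbcopy                                   # macOS
  elif [ -n "$WAYLAND_DISPLAY" ] && command -v wl-copy >/dev/null 2>&1; then
    echo wl-copy                                  # Linux, Wayland session
  elif [ -n "$DISPLAY" ] && command -v xclip >/dev/null 2>&1; then
    echo xclip                                    # Linux, X11 session
  elif [ -n "$DISPLAY" ] && command -v xsel >/dev/null 2>&1; then
    echo xsel                                     # Linux, X11 alternative
  else
    return 1
  fi
}

# Copy stdin to the clipboard with whichever tool clip_tool selected.
to_clipboard() {
  case "$(clip_tool)" in
    pbcopy)  pbcopy ;;
    wl-copy) wl-copy ;;
    xclip)   xclip -selection clipboard ;;
    xsel)    xsel --clipboard --input ;;
    *)       return 1 ;;
  esac
}

# Read oathtool's output on stdin and copy it only if it is exactly six digits.
# Anything else (empty output after a failed decryption, an error message)
# is rejected. Without a clipboard tool the code is printed instead.
copy_code() {
  IFS= read -r _code || [ -n "$_code" ] || return 2
  case "$_code" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "copy_code: input is not a 6-digit code, nothing copied" >&2
       return 2 ;;
  esac
  printf '%s' "$_code" | to_clipboard || printf '%s\n' "$_code"
}

# Usage inside mfa, replacing "| pbcopy":
#   oathtool --totp --base32 "$totpkey" | copy_code
```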