OKTA_PASSWORD_CMD.md

OKTA_PASSWORD_CMD Documentation

Help wanted!

Please contribute additional examples for your favored platform or password manager.

Example: macOS KeyChain

1. Create password entry security add-generic-password -a $OKTA_USERNAME -s okta-aws-cli -T /usr/bin/security -U
2. Launch KeyChain Access and search for okta-aws-cli
3. Set OKTA_PASSWORD_CMD to security find-generic-password -a $OKTA_USERNAME -s okta-aws-cli -w

Example: GNU/Linux GNOME Keyring

1. Check if you have installed the secret-tool command. In Debian is included in the libsecret-tools package, so you can install it with apt:

   sudo apt install libsecret-tools

2. Create a new entry in your Login Keyring (you will be asked for your password):

   secret-tool store --label='Okta Credentials' okta:username $OKTA_USERNAME

3. Set OKTA_PASSWORD_CMD to:

   secret-tool lookup okta:username $OKTA_USERNAME

Example: Windows PowerShell

1. Type the following into a PowerShell command

   (Get-Credential).password | ConvertFrom-SecureString | Set-Content "$env:USERPROFILE\.okta\.password"
   

2. Type in your credentials into the resulting popup, PowerShell will encrypt your password using your user profile (Windows Data Protection API) and store it in a file named .password in $env:USERPROFILE\.okta\
   
3. Set OKTA_USERNAME if it is not already set
4. Set OKTA_PASSWORD_CMD to:

   OKTA_PASSWORD_CMD=@echo off & for /f \"usebackq tokens=*\" %a in (`PowerShell -Command \"(New-Object System.Management.Automation.PSCredential ($env:UserName, (Get-Content $env:USERPROFILE\\.okta\\.password | ConvertTo-SecureString))).GetNetworkCredential().Password\"`) do echo %a