cognito_user_credentials - bruno-beloff/scs_analysis GitHub Wiki
docs > software repositories > scs_analysis > commands > authentication
DESCRIPTION
The cognito_user_credentials utility is used to manage the AWS Cognito credentials on the user's computer. The credentials are composed of an email address and a password. The password must be specified when the credentials are created and is required when the credentials are accessed.
The JSON identity document managed by this utility is encrypted, and a password must be used to retrieve the document. By default, the retrieval password is the same as the Cognito credentials password. However, a separate retrieval password can be specified (in order, for example, to standardise the retrieval password across multiple Cognito accounts).
It may be sometimes be convenient to store the retrieval password as a shell environmental variable. This can be done as follows:
export SCS_CREDENTIALS_RETRIEVAL=MyRetrievalPassword
Note that this does compromise the security of the password. The environmental variable may be deleted with:
unset SCS_CREDENTIALS_RETRIEVAL
The --credentials flag is only required where the user wishes to store multiple identities on their computer. Setting the credentials is done interactively, using the command line interface.
SYNOPSIS
cognito_user_credentials.py [{ -l | [-c CREDENTIALS] [{ -s | -p | -t | -d }] }] [-v]
| Options | |
|---|---|
| -h, --help | show this help message and exit |
| -l, --list | list the available credentials |
| -c CREDENTIALS_NAME, --credentials=CREDENTIALS_NAME | the stored credentials to be used |
| -s, --set | set the credentials |
| -p, --update-password | update the password |
| -t, --test | test the credentials |
| -d, --delete | delete the credentials |
| -v, --verbose | report narrative to stderr |
EXAMPLES
./cognito_user_credentials.py -s
FILES
~/SCS/aws/cognito_user_credentials.json
DOCUMENT EXAMPLE
[encrypted]
SEE ALSO
scs_analysis/cognito_user_identity