macOS
brew install aws-keychainlocal Homebrew formula metadata
brew
Uses macOS keychain for storage of AWS credentials. Version 3.0.0 via Homebrew; verified from local package data.
install
brew install aws-keychainlocal Homebrew formula metadata
overview
Uses macOS keychain for storage of AWS credentials
history
aws-keychain is a macOS shell CLI for storing AWS IAM access keys in the macOS Keychain and checking one selected key out into `~/.aws/credentials` or into a command environment. Its README explicitly says it is no longer maintained and recommends aws-vault instead.
The upstream README identifies the project as a 2014-2015 Paul Annesley MIT-licensed tool. It was written for the Mac OS X Keychain era of local AWS access-key management, before newer credential-process, SSO, and vault-style workflows became the dominant recommendation.
GitHub lists v3.0.0 as the latest release dated September 22, 2015 and describes the repository as succeeded by aws-vault. Homebrew analytics showed only 8 installs in 30 days, 10 in 90 days, and 56 in 365 days at the time of this batch, consistent with a historical package kept around for existing users.
The command supports `add`, `ls`, `exec`, and `rm` operations for named IAM access keys in Keychain. The README warns about shell history when adding keys, supports interactive secret entry, and shows `aws-keychain exec personal aws s3 ls` as the intended safe command-running workflow.
aws-keychain is a compact example of the local-secret-storage lineage that led to better-known tools such as aws-vault. It matters less as a current recommendation and more as a package archaeology marker for how macOS AWS users avoided plaintext credentials before first-class AWS SSO workflows.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Credential-bearing paths to review before unattended agent runs.
~/.aws/credentialsexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
aws-keychain | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/pda/aws-keychain
install metadata
| Package key | brew:aws-keychain |
|---|---|
| Version | 3.0.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/aws-keychain |
| Homepage | https://github.com/pda/aws-keychain |
| Repository | https://github.com/pda/aws-keychain |
| Upstream docs | https://github.com/pda/aws-keychain#readme |
| License | MIT |
| Source archive | https://github.com/pda/aws-keychain/archive/refs/tags/v3.0.0.tar.gz |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | aws-keychain |
| Version Scheme | 0 |
| Revision | 0 |
| Requirements |
|
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | yes |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.