s3cmd

Local README excerpt

s3cmd Radioisotope

s3cmd stores S3 access credentials in ~/.s3cfg by default.

This radioisotope migrates that config into the Automic Vault keychain and wraps s3cmd so it reads a temporary config file only while it is running.

The source config file is rewritten with blank sensitive values so access keys, secret keys, and passphrases are not left in plaintext on disk.

Caveats

• We currently migrate the default ~/.s3cfg file only.
• Explicit --config or -c arguments can override the temporary file.
• Settings changes made while s3cmd runs are written to the temporary config

and are not persisted back to the keychain.

• Direct execution of the original binary will not receive credentials.

Source: data/radioisotopes/s3cmd/README.md