New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support AWS SSO for S3 backend #4688
Comments
Hey @fdw, If I got your requirement correctly.
[Edit] Would be similar to |
Yes, but it's a file in |
We use https://github.com/minio/minio-go as library to access S3. If that has support for that SSO mechanism (not sure whether it does, I haven't checked), then I'm fine with adding support for AWS SSO. |
Hey found this has been discussed before on the restic forum: Is AWS SSO authentication supported Quoting from the answer from Jul'22:
minio-go/pkg/credentials Looks like the status remains the same. Support has not been added. You can check the thread for some workarounds mentioned by another user. |
That is quite a pity, as I have no alternative to SSO, and copying the keys every time I want to restic is not really a viable option. It only makes me want to avoid doing backups. Thank you anyway 🙂 |
I have created a feature request on the minio-go github,they can probably pick this up if they're interested or recommend any alternative way Here is a reference to that issue: |
aws-sso-file-credential-support.tar.gz Hey @fdw, [Edit] I have pulled from a pending MR on minio which implements this requirement; and have locally pulled the package. You can check the source code I've shared above. I was not sure how to share with your a working build, so I decided to just share the source code with you. You can run a local build.
PS: @MichaelEischer please let me know if this is a nice way of sharing some test code, I couldn't think of anything else. |
I just tried it, but unfortunately I only get errors: With
This sounds like a rights issue :/ The |
@fdw Please use the region specific S3 endpoint, e.g. |
Unfortunately, |
@fdw I guess, you can mention this issue on the minio thread. Probably the original creator of the sso method might help with something. |
Output of
restic version
restic 0.16.2 compiled with go1.21.3 on linux/amd64
What should restic do differently? Which functionality do you think we should add?
Support AWS SSO logins for authenticating against the S3 backend
What are you trying to do? What problem would this solve?
I would like to use restic to backup data on an AWS S3 bucket that is protected using AWS SSO.
AWS_PROFILE
is already supported by restic, but the SSO login doesn't set the env variables directly. Instead, they're written to a json file in.aws/sso/cache
. I would like restic to read and use them (or find another way to work frictionlessly with SSO).Did restic help you today? Did it make you happy in any way?
Yes, restic does make me happy, so thank you for all your efforts! I feel a lot safer knowing (not just believing) that I have backups available.
The text was updated successfully, but these errors were encountered: