Cannot honor AWS_PROFILE env var #273

Open
gfzabarino opened this issue Jul 19, 2022 · 2 comments

@gfzabarino

gfzabarino commented Jul 19, 2022

Hello, first of all, thanks for providing this great tool!

I was trying to find a way to not have to enter credentials for the KMSConfig, and it seems that if I don't enter the credentials key, the default local access/secret are applied. I wanted to do that so my team doesn't mistakenly push credentials to the project repository, since the idea was to version control config.json.

Having the default local value applied to access/secret makes it impossible for aws-sdk to pick the credentials from the local aws-cli configuration (i.e. ~/.aws) when about to consume the KMS service. If the tool didn't apply those values, a standard env var such as AWS_PROFILE could be honored.

Maybe cognito-local could allow one extra config in KMSConfig, probably "omitDefaultCredentials": true/false or similar naming, and then don't apply those defaults if that's true?
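
Added example, not part of the original issue and not cognito-local's code: a sketch of why merged default credentials mask `AWS_PROFILE`, how the proposed flag would change that, and a check for real-looking keys in a committed config.json. The default values, function names and the `dev-kms` profile are assumptions; `omitDefaultCredentials` is the hypothetical option proposed above.

```javascript
// Assumption: placeholder defaults standing in for the "default local
// access/secret" the issue describes; the literal values are made up.
const ASSUMED_DEFAULTS = {
  region: "local",
  credentials: { accessKeyId: "local", secretAccessKey: "local" },
};

// Hypothetical resolver. `omitDefaultCredentials` is the flag proposed in
// the issue, not an existing cognito-local option.
function resolveKmsOptions(kmsConfig = {}) {
  const { omitDefaultCredentials = false, ...user } = kmsConfig;
  const merged = { ...ASSUMED_DEFAULTS, ...user };
  // Dropping the key entirely is what lets an AWS SDK client fall back to
  // its own provider chain (environment, AWS_PROFILE and ~/.aws, roles).
  if (omitDefaultCredentials && !user.credentials) delete merged.credentials;
  return merged;
}

// Simplified model of where the SDK would then look for credentials.
function credentialSource(options, env) {
  if (options.credentials) return "static:config";
  if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) return "env:keys";
  return env.AWS_PROFILE ? `profile:${env.AWS_PROFILE}` : "profile:default";
}

// Check for a version-controlled config.json: flag real-looking long-term
// or temporary AWS access key IDs (AKIA.../ASIA..., 20 characters).
function hasRealLookingKey(kmsConfig = {}) {
  const id = kmsConfig.credentials && kmsConfig.credentials.accessKeyId;
  return typeof id === "string" && /^(AKIA|ASIA)[A-Z0-9]{16}$/.test(id);
}

// Constructed inputs: a shell with AWS_PROFILE set, three KMSConfig variants.
const env = { AWS_PROFILE: "dev-kms" };
const today = {};                                   // credentials key omitted
const proposed = { omitDefaultCredentials: true };  // nothing secret to commit
const risky = {
  credentials: { accessKeyId: "AKIAEXAMPLEEXAMPLE00", secretAccessKey: "constructed" },
};

for (const [name, cfg] of Object.entries({ today, proposed, risky })) {
  const source = credentialSource(resolveKmsOptions(cfg), env);
  console.log(name, "->", source, "| key in file:", hasRealLookingKey(cfg));
}
```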

@jagregory
Owner

Hey @gfzabarino, I don't personally use this bit of functionality but I think the intent was for it to be combined with a local KMS emulator so committing credentials wouldn't be a problem.

Just so I understand your use case: you have cognito-local with local lambda functions but want to use the real KMS service to encrypt/decrypt the code?

@gfzabarino
Author

gfzabarino commented Aug 2, 2022

> Just so I understand your use case: you have cognito-local with local lambda functions but want to use the real KMS service to encrypt/decrypt the code?

Hey @jagregory, that's exactly what I'm doing; we have a dev KMS that seems to be easier to get via AWS vs. setting up a local KMS emulator.
