OKTA_PASSWORD_CMD Documentation

Help wanted!

Please contribute additional examples for your favored platform or password manager.

Example: macOS Keychain

  1. Create the password entry:
    security add-generic-password -a $OKTA_USERNAME -s okta-aws-cli -T /usr/bin/security -U
  2. Launch Keychain Access and search for okta-aws-cli
  3. Set OKTA_PASSWORD_CMD to:
    security find-generic-password -a $OKTA_USERNAME -s okta-aws-cli -w

Example: GNU/Linux GNOME Keyring

  1. Check that the secret-tool command is installed. On Debian it is included in the libsecret-tools package, which you can install with apt:
    sudo apt install libsecret-tools
  2. Create a new entry in your Login Keyring (you will be asked for your password):
    secret-tool store --label='Okta Credentials' okta:username $OKTA_USERNAME
  3. Set OKTA_PASSWORD_CMD to:
    secret-tool lookup okta:username $OKTA_USERNAME

Example: Windows PowerShell

  1. Type the following at a PowerShell prompt:
    (Get-Credential).password | ConvertFrom-SecureString | Set-Content "$env:USERPROFILE\.okta\.password"
  2. Type your credentials into the resulting popup. PowerShell will encrypt your password using your user profile (Windows Data Protection API) and store it in a file named .password in $env:USERPROFILE\.okta\
  3. Set OKTA_USERNAME if it is not already set
  4. Set OKTA_PASSWORD_CMD to:
    OKTA_PASSWORD_CMD=@echo off & for /f \"usebackq tokens=*\" %a in (`PowerShell -Command \"(New-Object System.Management.Automation.PSCredential ($env:UserName, (Get-Content $env:USERPROFILE\\.okta\\.password | ConvertTo-SecureString))).GetNetworkCredential().Password\"`) do echo %a
    

Example: LastPass

  1. Install LastPass's CLI tool, lpass
  2. Store your password in LastPass, making note of the entry's path in your hierarchy
  3. Create an entry in ~/.okta/config:
    OKTA_PASSWORD_CMD=lpass show --password mysite.com
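
Whichever macOS or GNU/Linux command above you choose, it is worth confirming that it prints exactly one non-empty line before relying on it. The following is an added example, not part of okta-aws-cli: check_password_cmd is a hypothetical helper name, and running the value through sh -c is an assumption about how the command gets executed. The helper never echoes the secret, only its length.

```shell
#!/bin/sh
# Added example: smoke-test an OKTA_PASSWORD_CMD value without revealing the secret.
# Assumptions: the command is run through `sh -c`; check_password_cmd is a
# hypothetical helper, not something shipped with okta-aws-cli.

check_password_cmd() {
    cmd=$1
    if [ -z "$cmd" ]; then
        echo "FAIL: OKTA_PASSWORD_CMD is empty" >&2
        return 2
    fi

    # Capture stdout only. stderr stays on the terminal so helper errors
    # remain visible and are never mistaken for the password.
    if ! out=$(sh -c "$cmd"); then
        unset out
        echo "FAIL: command exited non-zero (locked keyring or missing entry?)" >&2
        return 3
    fi

    if [ -z "$out" ]; then
        echo "FAIL: command succeeded but printed nothing" >&2
        return 4
    fi

    # Command substitution already stripped trailing newlines, so any
    # newline still present means extra output (banner, second field, ...).
    lines=$(( $(printf '%s\n' "$out" | wc -l) ))
    len=${#out}
    unset out                      # drop the secret from the shell as soon as possible
    if [ "$lines" -gt 1 ]; then
        echo "FAIL: command printed $lines lines, expected 1" >&2
        return 5
    fi

    echo "OK: one line, $len characters"
    return 0
}

# Check the real setting only when it is present in the environment.
if [ -n "${OKTA_PASSWORD_CMD:-}" ]; then
    check_password_cmd "$OKTA_PASSWORD_CMD"
fi
```

Source the file and call check_password_cmd with the same string you put in ~/.okta/config; a non-zero return code identifies which check failed.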