[Cyberduck-trac] [Cyberduck] #10620: Add AWS session token field for S3 connections

Cyberduck trac at cyberduck.io
Sat Feb 16 20:49:03 UTC 2019

#10620: Add AWS session token field for S3 connections
    Reporter:  vwalveranta  |      Owner:
        Type:  feature      |     Status:  new
    Priority:  normal       |  Milestone:
   Component:  core         |    Version:
    Severity:  normal       |   Keywords:  MFA session token
Architecture:               |   Platform:
 When MFA is required/enforced in order to use for a given profile, it
 cannot be used with Cyberduck currently because Cyberduck doesn't allow
 the entry of the session token along with the standard AWS credentials.
 This is separate from the deletion token that can be set on S3 buckets,
 and when configured and enforced, it doesn't allow any access with given
 access key ID / secret access key unless a user is in MFA session (and so
 that the session token is also provided). When an MFA session is
 initialized, AWS provides a new access key ID and a new secret access key
 (they are separate from the credentials of the profile the MFA session was
 started for) in addition to the session token. These credentials are only
 valid for the validity period of the session.

 This is supported, for example, by Cloudberry Explorer. I have created a
 set of scripts to manage the MFA sessions on the command line as my
 employer is moving to MFA enforcement also on the command line (with the
 enforcement enabled any tool that utilizes the access keys won't work
 unless it allows also the entry of the session token). The utility scripts
 and their documentation can be found at the following URL:

Ticket URL: <https://trac.cyberduck.io/ticket/10620>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list