PyBritive is a Python-based full-featured command line interface for Britive. PyBritive supports both end-user as well as admin features. PyBritive is an open-source project, and we invite participation from all our users.

screenshot of the command line to check out permisisions using PyBritive

In this 5-part blog series, I’ll cover five (5) of my favorite PyBritive features. We have designed PyBritive to simplify developer workflows and reduce the toll on the users. In this blog, I would like to talk about various check-out modes available with “–mode/-m” option for the checkout command.

First, you can run a check-out command with an option to open the resulting session in a specific browser. E.g. you can use:

pybritive checkout "AWS/299000000090-lab2/Developer-AdminAccess" -m browser-firefox --alias "lab2-dev"

This will check out the requested profile and create an AWS web session on Mozilla Firefox. You will also notice that I have defined an alias for this profile. PyBritive would store these aliases in the local cache, allowing you to use the alias instead of the full profile name. You can also use the -m browser and this would open the default browser with the appropriate session. So, another example could be:

pybritive checkout lab2-dev -m browser

Second, you can use CSP-specific option commands that would present the output of the check-out command in the requested format. E.g.

pybritive checkout lab2-dev -m env

This would provide an output with a list of export commands that you can run to set your command-line (cli) environment with short-term credentials generated by Britive. The output would be similar to:

export AWS_SECRET_ACCESS_KEY="2dyxxXx57VyUAv3xxxxxxxxxxxxxxQq6XXxX"
export AWS_SESSION_TOKEN="***redacted***"
export AWS_EXPIRATION="2021-10-22T06:47:13Z"

Lastly, you can use a mode called “awscredentialprocess”, this would allow you to configure various AWS profiles within the credentials file that can automatically checkout a Britive profile and credentials for the session in the cli. An example of this could look something like this:

more ~/.aws/credentials

credential_process=pybritive-aws-cred-process --profile lab2-dev

In this example, when selecting or activating an AWS profile in your environment, PyBritive will automatically update the local session with short-lived credentials. This streamlines developer workflows while reducing security risk.

You can visit the documentation page for more options and review all available PyBritive commands.