From e2f70722090a8a26fba876f14eb805c540c5074f Mon Sep 17 00:00:00 2001
From: obeliskm <43050059+obeliskm@users.noreply.github.com>
Date: Thu, 27 Jun 2019 18:07:48 +1200
Subject: [PATCH] Basic support for AWS creds in ~/.aws/credentials

Adds code to attempt to get AWS creds from ~/.aws/credentials, if it exists, and the creds aren't already set.
It's pretty simplistic, it just grabs the first values from the file, it does not honour [sections] in the ini formatted credentials file.
---
 dnsapi/dns_aws.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh
index 246f4774..f4ad9d46 100755
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -26,6 +26,20 @@ dns_aws_add() {
     _use_container_role || _use_instance_role
   fi
 
+  # if not already set, attempt to get AWS creds from a local creds file.
+  # this is naive, it just grabs the first values from .aws/credentials
+  # it does not honour [sections] in the ini formatted credentials file.
+  if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
+    CREDFILE="${HOME}/.aws/credentials"
+    if [ -e "$CREDFILE" ]; then
+      AWS_ACCESS_KEY_ID=$(grep -m 1 -i AWS_ACCESS_KEY_ID "$CREDFILE" | cut -f 2 -d"=" | tr -d ' ')
+      AWS_SECRET_ACCESS_KEY=$(grep -m 1 -i AWS_SECRET_ACCESS_KEY "$CREDFILE" | cut -f 2 -d"=" | tr -d ' ')
+    fi
+    # todo: if the key is found in the creds file, then if we can assume it'll be there in the future,
+    # then there's likely no point saving it in the account config, so we should do what needs to be done
+    # to disable saving the AWS creds in the acme.sh config.
+  fi
+  
   if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
     AWS_ACCESS_KEY_ID=""
     AWS_SECRET_ACCESS_KEY=""