docs: document AWS environment variables

Signed-off-by: Norman Santiago <nsantiago2719@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Hidde Beydals <hiddeco@users.noreply.github.com>
getsops · Oct 9, 2023 · c6c9ba5 · c6c9ba5
1 parent e0c73ec
commit c6c9ba5
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/README.rst b/README.rst
@@ -64,7 +64,10 @@ recommended to use at least two master keys in different regions.
 
 	export SOPS_KMS_ARN="arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e,arn:aws:kms:ap-southeast-1:656532927350:key/9006a8aa-0fa6-4c14-930e-a2dfb916de1d"
 
-Your AWS credentials must be present in ``~/.aws/credentials``. sops uses aws-sdk-go.
+SOPS uses `aws-sdk-go-v2 <https://github.com/aws/aws-sdk-go-v2>`_ to communicate with AWS KMS. It will automatically
+read the credentials from the ``~/.aws/credentials`` file which can be created with the ``aws configure`` command.
+
+An example of the ``~/.aws/credentials`` file is shown below:
 
 .. code::
 
@@ -73,6 +76,17 @@ Your AWS credentials must be present in ``~/.aws/credentials``. sops uses aws-sd
 	aws_access_key_id = AKI.....
 	aws_secret_access_key = mw......
 
+In addition to the ``~/.aws/credentials`` file, you can also use the ``AWS_ACCESS_KEY_ID`` and ``AWS_SECRET_ACCESS_KEY``
+environment variables to specify your credentials:
+
+.. code:: bash
+
+	export AWS_ACCESS_KEY_ID="AKI......"
+	export AWS_SECRET_ACCESS_KEY="mw......"
+
+For more information and additional environment variables, see
+`specifying credentials <https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials>`_.
+
 If you want to use PGP, export the fingerprints of the public keys, comma
 separated, in the **SOPS_PGP_FP** env variable.