add details on README.srt file for using aws keys in environment vari…

…ables Signed-off-by: Norman Santiago <nsantiago2719@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Hidde Beydals <hiddeco@users.noreply.github.com>
getsops · Sep 30, 2023 · fad3c33 · fad3c33
1 parent 507a652
commit fad3c33
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/README.rst b/README.rst
@@ -64,7 +64,7 @@ recommended to use at least two master keys in different regions.
 
 	export SOPS_KMS_ARN="arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e,arn:aws:kms:ap-southeast-1:656532927350:key/9006a8aa-0fa6-4c14-930e-a2dfb916de1d"
 
-Your AWS credentials must be present in ``~/.aws/credentials``. sops uses aws-sdk-go.
+SOPS uses aws-sdk-go-v2 to authenticate in AWS. The following are some examples on using credential files and environment variables.
 
 .. code::
 
@@ -73,6 +73,15 @@ Your AWS credentials must be present in ``~/.aws/credentials``. sops uses aws-sd
 	aws_access_key_id = AKI.....
 	aws_secret_access_key = mw......
 
+On the other hand you can also declare the ``AWS_ACCESS_KEY_ID`` and ``AWS_SECRET_ACCESS_KEY`` in your environment variables and sops will also automatically read it.
+
+.. code:: bash
+
+	export AWS_ACCESS_KEY_ID="AKI......"
+	export AWS_SECRET_ACCESS_KEY="mw......"
+
+If you are using EC2 instance and it is using a IAM role, it would also automatically use it. For more information see `specifying credentials <https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials>`_.
+
 If you want to use PGP, export the fingerprints of the public keys, comma
 separated, in the **SOPS_PGP_FP** env variable.