add a USAGE document

gregwebs · gregwebs · commit 5ccaf730ac18 · 2017-04-17T15:11:41.000-07:00
diff --git a/README.md b/README.md
@@ -26,6 +26,8 @@ The macOS release is code-signed, and you can verify this with `codesign`:
 
 ## Usage
 
+See the [USAGE](./USAGE.md) document for more help and tips.
+
 ```bash
 # Store AWS credentials for the "home" profile
 $ aws-vault add home
@@ -37,17 +39,8 @@ $ aws-vault exec home -- aws s3 ls
 bucket_1
 bucket_2
 
-# store credentials for the "work" profile
-$ aws-vault add work
-Enter Access Key Id: ABDCDEFDASDASF
-Enter Secret Key: %
-
-# Execute a command using temporary credentials
-$ aws-vault exec work -- aws s3 ls
-another_bucket
-
 # Inspect the environment
-$ aws-vault exec work -- env | grep AWS
+$ aws-vault exec home -- env | grep AWS
 AWS_VAULT=work
 AWS_DEFAULT_REGION=us-east-1
 AWS_REGION=us-east-1
@@ -59,10 +52,9 @@ AWS_SECURITY_TOKEN=%%%
 
 ### Backends
 
-You can choose different secret storage backends, which may be particularly useful on Linux.
-By default, Linux uses an encrypted file. You can use your system keyring by choosing the secret-service backend which [abstracts over Gnome/KDE](https://specifications.freedesktop.org/secret-service/).
+You can choose among different pluggable secret storage backends. By default, Linux uses an encrypted file. You can use your system keyring by choosing the secret-service backend which [abstracts over Gnome/KDE](https://specifications.freedesktop.org/secret-service/).
 
-    AWS_VAULT_BACKEND=secret-service
+See the [USAGE](./USAGE.md) document for more help and tips.
 
 ## Security
 
diff --git a/USAGE.md b/USAGE.md
@@ -0,0 +1,50 @@
+
+# Help
+
+aws-vault --help
+
+
+## Multiple profiles
+
+```bash
+# Store AWS credentials for the "home" profile
+$ aws-vault add home
+Enter Access Key Id: ABDCDEFDASDASF
+Enter Secret Key: %
+
+# Execute a command using temporary credentials
+$ aws-vault exec home -- aws s3 ls
+bucket_1
+bucket_2
+
+# store credentials for the "work" profile
+$ aws-vault add work
+Enter Access Key Id: ABDCDEFDASDASF
+Enter Secret Key: %
+
+# Execute a command using temporary credentials
+$ aws-vault exec work -- aws s3 ls
+another_bucket
+```
+
+
+## Overriding the aws CLI to use aws-vault
+
+You can create an overriding script (make it higher precedence in your PATH) that looks like the below:
+
+```
+#!/bin/bash
+set -euo pipefail
+ 
+AWS_PROFILE=${AWS_DEFAULT_PROFILE:-work}
+exec aws-vault exec "$AWS_PROFILE" -- /usr/local/bin/aws "$@"
+```
+
+The exec helps reduce the number of processes that are hanging around. The `$@` passes on the arguments from the wrapper to the original command.
+
+
+## Backends
+
+You can choose different secret storage backends, which may be particularly useful on Linux, where you may prefer to use the system keyring with this environment variable:
+
+    AWS_VAULT_BACKEND=secret-service
