wiz-sec · dependabot · Aug 3, 2021 · Feb 17, 2022 · Sep 5, 2023
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -24,7 +24,7 @@ jobs:
       id: go
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v2.4.0
+      uses: actions/checkout@v4.0.0
 
     - name: Run tests
       run: go test -race ./...

diff --git a/cli/add.go b/cli/add.go
@@ -50,7 +50,7 @@ func ConfigureAddCommand(app *kingpin.Application, a *AwsVault) {
 }
 
 func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *vault.ConfigFile) error {
-	var accessKeyId, secretKey string
+	var accessKeyId, secretKey, sessionToken string
 
 	p, _ := awsConfigFile.ProfileSection(input.ProfileName)
 	if p.SourceProfile != "" {
@@ -65,6 +65,9 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		if secretKey = os.Getenv("AWS_SECRET_ACCESS_KEY"); secretKey == "" {
 			return fmt.Errorf("Missing value for AWS_SECRET_ACCESS_KEY")
 		}
+		if sessionToken = os.Getenv("AWS_SESSION_TOKEN"); sessionToken == "" {
+			return fmt.Errorf("Missing value for AWS_SESSION_TOKEN")
+		}
 	} else {
 		var err error
 		if accessKeyId, err = prompt.TerminalPrompt("Enter Access Key ID: "); err != nil {
@@ -75,7 +78,7 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		}
 	}
 
-	creds := aws.Credentials{AccessKeyID: accessKeyId, SecretAccessKey: secretKey}
+	creds := aws.Credentials{AccessKeyID: accessKeyId, SecretAccessKey: secretKey, SessionToken: sessionToken}
 
 	ckr := &vault.CredentialKeyring{Keyring: keyring}
 	if err := ckr.Set(input.ProfileName, creds); err != nil {