or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

credentials.mdec2rolecreds.mdendpointcreds.mdindex.mdlogincreds.mdprocesscreds.mdssocreds.mdstscreds.md
tile.json

credentials.mddocs/

Static Credentials Provider

Package: github.com/aws/aws-sdk-go-v2/credentials

The core credentials package provides the StaticCredentialsProvider for managing static AWS credentials that never expire.

Import

import "github.com/aws/aws-sdk-go-v2/credentials"

Overview

Static credentials are useful for testing, development, or when credentials are loaded from secure configuration management systems. The credentials are set once and never expire during the lifetime of the provider.

Usage Example

package main

import (
    "context"
    "fmt"
    "github.com/aws/aws-sdk-go-v2/credentials"
)

func main() {
    // Create static credentials provider
    provider := credentials.NewStaticCredentialsProvider(
        "AKIAIOSFODNN7EXAMPLE",
        "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        "", // Session token (optional)
    )

    // Retrieve credentials
    creds, err := provider.Retrieve(context.TODO())
    if err != nil {
        panic(err)
    }

    fmt.Printf("Access Key: %s\n", creds.AccessKeyID)
    fmt.Printf("Source: %s\n", creds.Source)
}

API Reference

Constants

const StaticCredentialsName = "StaticCredentials"

Provider name identifier for static credentials.

NewStaticCredentialsProvider

func NewStaticCredentialsProvider(key, secret, session string) StaticCredentialsProvider

Creates and returns a StaticCredentialsProvider initialized with the provided AWS credentials.

Parameters:

  • key (string): AWS access key ID
  • secret (string): AWS secret access key
  • session (string): AWS session token (optional, can be empty string)

Returns:

  • StaticCredentialsProvider: Initialized provider with the credentials

Example:

provider := credentials.NewStaticCredentialsProvider(
    "AKIAIOSFODNN7EXAMPLE",
    "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "",
)

StaticCredentialsProvider

type StaticCredentialsProvider struct {
    Value  aws.Credentials
    Source []aws.CredentialSource
}

A set of credentials which are set and will never expire.

Fields:

  • Value (aws.Credentials): The actual credential values (AccessKeyID, SecretAccessKey, SessionToken)
  • Source ([]aws.CredentialSource): Credential chain information for reporting and debugging purposes (not meant to be set directly)

Retrieve

func (s StaticCredentialsProvider) Retrieve(_ context.Context) (aws.Credentials, error)

Returns the credentials or an error if the credentials are invalid.

Parameters:

  • _ (context.Context): Context parameter (unused for static credentials)

Returns:

  • aws.Credentials: The static credentials
  • error: StaticCredentialsEmptyError if credentials are empty or invalid

Example:

creds, err := provider.Retrieve(context.TODO())
if err != nil {
    // Handle error - credentials are empty or invalid
    log.Fatal(err)
}
// Use creds.AccessKeyID, creds.SecretAccessKey, etc.

ProviderSources

func (s StaticCredentialsProvider) ProviderSources() []aws.CredentialSource

Returns the credential chain that was used to construct this provider.

Returns:

  • []aws.CredentialSource: Credential source chain for debugging

Example:

sources := provider.ProviderSources()
for _, source := range sources {
    fmt.Printf("Source: %s\n", source.Name)
}

StaticCredentialsEmptyError

type StaticCredentialsEmptyError struct{}

Error type emitted when static credentials are empty or invalid.

Error

func (*StaticCredentialsEmptyError) Error() string

Returns the error message describing that static credentials are empty.

Returns:

  • string: Error message

Error Handling

The StaticCredentialsProvider validates credentials during retrieval and returns a StaticCredentialsEmptyError if:

  • The access key ID is empty
  • The secret access key is empty

Example:

provider := credentials.NewStaticCredentialsProvider("", "", "")
creds, err := provider.Retrieve(context.TODO())
if err != nil {
    var emptyErr *credentials.StaticCredentialsEmptyError
    if errors.As(err, &emptyErr) {
        fmt.Println("Static credentials are empty")
    }
}

Integration with AWS SDK

Static credentials can be used with AWS SDK service clients:

import (
    "context"
    "github.com/aws/aws-sdk-go-v2/aws"
    "github.com/aws/aws-sdk-go-v2/credentials"
    "github.com/aws/aws-sdk-go-v2/service/s3"
)

func main() {
    provider := credentials.NewStaticCredentialsProvider(
        "AKIAIOSFODNN7EXAMPLE",
        "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        "",
    )

    cfg := aws.Config{
        Region:      "us-west-2",
        Credentials: provider,
    }

    client := s3.NewFromConfig(cfg)
    // Use client for S3 operations
}

Best Practices

  1. Security: Never hardcode credentials in source code. Load from secure configuration systems or environment variables.

  2. No Caching Needed: Static credentials don't need wrapping with aws.CredentialsCache since they never expire or change.

  3. Session Tokens: Include session token when using temporary credentials from STS or IAM roles, even though using StaticCredentialsProvider.

  4. Validation: The provider validates credentials only when Retrieve() is called, not during construction.