22
33This tool helps you to share a virtual TOTP MFA-device with a team by saving the intial seed at AWS SecretsManager.
44
5+ ## Pricing
6+ SecretsManager is charged both per secret and per 10.000 API calls. Every secret costs 0.40\$ /Month which will be the
7+ main operational costs of this tool. 10k API calls will cost you 0.05$, which you probably never reach in a month even
8+ with a larger people using this tool multiple times a day.
9+
10+ Because every value in AWS SecretsManager is a JSON object we could save all
11+ seeds in a single key/value pair and cap the monthly costs 0.40\$ /month by
12+ this, but would loose the feature of fine-grained access control with an IAM
13+ rule.
14+
15+ ## IAM permissions
16+ With this policy one could use all features of this tool. If you want people to just have read access, just remove the
17+ ` Delete ` and ` Create ` actions.
18+ ```
19+ {
20+ "Version": "2012-10-17",
21+ "Statement": [
22+ {
23+ "Sid": "VisualEditor0",
24+ "Effect": "Allow",
25+ "Action": [
26+ "secretsmanager:GetSecretValue",
27+ "secretsmanager:DeleteSecret"
28+ ],
29+ "Resource": "arn:aws:secretsmanager:eu-central-1:<your-account-id>:secret:2fa-*"
30+ },
31+ {
32+ "Sid": "VisualEditor1",
33+ "Effect": "Allow",
34+ "Action": [
35+ "secretsmanager:CreateSecret",
36+ "secretsmanager:ListSecrets"
37+ ],
38+ "Resource": "*"
39+ }
40+ ]
41+ }
42+ ```
43+
44+ ## Usage
545```
646Available Commands:
747 add Create a new entry
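Review bot: In the second statement of the IAM policy, `secretsmanager:CreateSecret` is allowed on `"Resource": "*"`, so anyone holding this policy can create secrets under any name, not only the `2fa-*` names that the first statement scopes reads and deletes to. Suggest moving `CreateSecret` into the first statement with the `2fa-*` ARN and leaving only `secretsmanager:ListSecrets` on `*`, since ListSecrets does not accept a resource ARN. The sentence above the policy tells readers to remove the `Delete` and `Create` actions for read-only use; spelling them out as `secretsmanager:DeleteSecret` and `secretsmanager:CreateSecret` avoids guesswork. It would also help to state that `secretsmanager:GetSecretValue` on `2fa-*` lets the holder read every seed under that prefix, because that is the access decision the per-secret layout in the Pricing section is meant to support. Minor: the fence could be tagged `json`, the dollar escaping is inconsistent (`0.40\$` vs `0.05$`), and "with a larger people" is missing a word.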
@@ -11,31 +51,31 @@ Available Commands:
1151 list A brief description of your command
1252```
1353
14- ## add
54+ ### add
1555```
1656Create a new entry
1757
1858Usage:
1959 shared-2fa add <name> <seed>
2060```
2161
22- ## delete
62+ ### delete
2363```
2464Delete an entry
2565
2666Usage:
2767 shared-2fa delete <name>
2868```
2969
30- ## generate
70+ ### generate
3171```
3272Generate a token for the given entry
3373
3474Usage:
3575 shared-2fa generate <name>
3676```
3777
38- ## list
78+ ### list
3979```
4080List all available entries
4181
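Review bot: In the `add` usage block, `shared-2fa add <name> <seed>` takes the TOTP seed as a command-line argument, which leaves it in shell history and visible in the process list on a multi-user host. Since this commit is already reworking the Usage docs, consider noting that here, or accepting the seed from stdin or a prompt. Separately, the `Available Commands` context line still reads `list A brief description of your command`, a placeholder that disagrees with "List all available entries" in the `### list` section, so the command's short description should be corrected in the source that generates this help text.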