From df134f3389355f1e40f611497c828b5b79cb6076 Mon Sep 17 00:00:00 2001
From: Bill Garrett <garrett@astralfrontier.org>
Date: Wed, 7 Jun 2017 10:51:13 -0700
Subject: [PATCH] Optionally get access and secret keys from AWS CLI
 configuration

---
 README.md       |  8 ++++++++
 lib/deployer.js | 15 +++++++++++++++
 package.json    |  1 +
 3 files changed, 24 insertions(+)

diff --git a/README.md b/README.md
index a758354..1b11253 100644
--- a/README.md
+++ b/README.md
@@ -19,10 +19,18 @@ deploy:
   bucket: <S3 bucket>
   aws_key: <AWS id key>  // Optional, if the environment variable `AWS_ACCESS_KEY_ID` is set
   aws_secret: <AWS secret key>  // Optional, if the environment variable `AWS_SECRET_ACCESS_KEY` is set
+  aws_cli_profile: <an AWS CLI profile name, e.g. 'default'> // Optional
   concurrency: <number of connections> // Optional
   region: <region>  // Optional, see https://github.com/LearnBoost/knox#region
   headers: <headers in JSON format> // pass any headers to S3, usefull for metadata cache setting of Hexo assets
 ```
+
+If you installed the AWS command-line tool and provided your credentials via `aws configure`,
+you can re-use those credentials. Specify a value for `aws_cli_profile`, such as "default",
+and leave `aws_key`, `aws_secret`, and `region` blank.
+If you provide key, secret, and/or region explicitly or via the environment,
+they will override what's in your AWS CLI profile.
+
 #### Example: header Cache-Control
 
 ``` yaml
diff --git a/lib/deployer.js b/lib/deployer.js
index 421c89f..a65f18a 100644
--- a/lib/deployer.js
+++ b/lib/deployer.js
@@ -1,3 +1,6 @@
+var fs = require('fs');
+var ini = require('ini');
+var path = require('path');
 var s3 = require('s3');
 var chalk = require('chalk');
 var xtend = require('xtend');
@@ -12,6 +15,18 @@ module.exports = function(args) {
       region: args.region
     }
   };
+  if (!config.s3Options.accessKeyId && !config.s3Options.secretAccessKey && args.aws_cli_profile) {
+    /* User configured their access and secret keys in ~/.aws/credentials, check there */
+    var iniFile = path.join(process.env.HOME, '.aws');
+    var iniCredentials = ini.parse(fs.readFileSync(path.join(iniFile, 'credentials'), 'utf-8'));
+    config.s3Options.accessKeyId = (iniCredentials[args.aws_cli_profile] || {}).aws_access_key_id;
+    config.s3Options.secretAccessKey = (iniCredentials[args.aws_cli_profile] || {}).aws_secret_access_key;
+    if (!config.s3Options.region) {
+      var iniConfig = ini.parse(fs.readFileSync(path.join(iniFile, 'config'), 'utf-8'));
+      var profilePath = (args.aws_cli_profile === 'default') ? args.aws_cli_profile : "profile " + args.aws_cli_profile;
+      config.s3Options.region = (iniConfig[profilePath] || {}).region;
+    }
+  }
   var client = s3.createClient(config);
 
   var publicDir = this.config.public_dir;
diff --git a/package.json b/package.json
index 85b3f7b..d85ca13 100644
--- a/package.json
+++ b/package.json
@@ -36,6 +36,7 @@
   },
   "dependencies": {
     "chalk": "^1.1.1",
+    "ini": "^1.3.4",
     "s3": "^4.4.0",
     "xtend": "^4.0.1"
   }