v5.0.0

This version introduces a major shift of gsts to a credential_process provider - so much, in fact, that its internal structure has been completely adapted to behave like one by default.

As part of this refactor, there are a number of breaking changes too.

Breaking Changes

• gsts is now a credential_process provider and should not called manually anymore.

  The ~/.aws/config should similar to the below:

  [default]
  credential_process = gsts --idp-id=12345 --sp-id=67890
  

• Credentials are no longer stored under ~/.aws/config but instead under gsts own cache directory (~/Library/Caches/gsts on macOS, %LOCALAPPDATA%\gsts\Cache on Windows and ~/.cache/gsts on Linux) .

• All command line parameters are now overridable by corresponding environment variables with the GSTS_ prefix.

• Remove --google-* aliases.

• Remove support for node < 18.

• Daemon support has been removed in favor of the credential_process setup.

• Playwright-specific parameters (--engine-executable-path, --engine) have had --playwright added to them to make it more explicit on what they achieve (--playwright-engine-executable-path and --playwright-engine).

New Features

• Add support for cacheless operation mode with --no-credentials-cache.
• Add support for processing the following AWS CLI variables:
  • AWS_REGION
  • AWS_DEFAULT_REGION
  • AWS_PROFILE
• Add support for configuring gsts under ~/.aws/config (or any other directory configured via $AWS_CONFIG_FILE).
• Add support for setting the playwright engine channel via --playwright-engine-channel.
• Store SAML assertion in cache for further automation power.

Improvements

• Migrated to AWS SDK v3.
• Fix headless hang when Google forces interactive login mode.
• Logging has been reworked to make gsts a lot less verbose and respect non-TTY sessions more accurately.
• Set permissions for credentials file for read-write to the owner only (600).

Notable Updates

• Bump playwright@1.32.2.