Limit role session name length to 64 characters.

Originally fixed by @SinisterMinister Fixes #741
2026-02-05 12:45:21 +01:00 · 2022-04-04 13:02:29 -07:00
parent 268b5ff155
commit 1bb30e28b4
1 changed files with 7 additions and 0 deletions
--- a/kms/keysource.go
+++ b/kms/keysource.go
@@ -172,6 +172,13 @@ func (key MasterKey) createStsSession(config aws.Config, sess *session.Session)
 	sanitizedHostname := stsRoleSessionNameRe.ReplaceAllString(hostname, "")
 	stsService := sts.New(sess)
 	name := "sops@" + sanitizedHostname
+
+	// Make sure the name is no longer than 64 characters (role session name length limit from AWS)
+	roleSessionNameLengthLimit := 64
+	if len(name) >= roleSessionNameLengthLimit {
+		name = name[:roleSessionNameLengthLimit]
+	}
+
 	out, err := stsService.AssumeRole(&sts.AssumeRoleInput{
 		RoleArn: &key.Role, RoleSessionName: &name})
 	if err != nil {