Old OIDC/SSO sessions are still lingering, even though their credentials may be expired or the profile was already deleted.

Step 1: Fully remove all aws-vault data

Run the following to remove all entries stored in aws-vault:

aws-vault remove --all

This command clears all sessions and credentials, even if they’re not visible in the list.

🔹 Step 2: Clear from system keychain (if --all doesn’t work)

Depending on your OS:

  • macOS: bashCopyEditsecurity delete-generic-password -s aws-vault
  • Linux (using secret-tool): bashCopyEditsecret-tool clear aws-vault <profile-name>
  • Windows:
    Open Credential Manager, find anything related to aws-vault, and delete it manually.

Command Line (PowerShell) For Window OS

To remove all aws-vault entries via PowerShell:

cmdkey /list | Where-Object { $_ -like "*aws-vault*" } | ForEach-Object {
if ($_ -match "Target: (.+)$") {
$target = $matches[1].Trim()
cmdkey /delete:$target
}
}

This script lists all stored credentials, filters out the ones for aws-vault, and deletes them.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top