Old OIDC/SSO sessions are still lingering, even though their credentials may be expired or the profile was already deleted.

Step 1: Fully remove all aws-vault data

Run the following to remove all entries stored in aws-vault:

aws-vault remove --all

This command clears all sessions and credentials, even if they’re not visible in the list.

🔹 Step 2: Clear from system keychain (if --all doesn’t work)

Depending on your OS:

• macOS: bashCopyEditsecurity delete-generic-password -s aws-vault
• Linux (using secret-tool): bashCopyEditsecret-tool clear aws-vault <profile-name>
• Windows:
  Open Credential Manager, find anything related to aws-vault, and delete it manually.

Command Line (PowerShell) For Window OS

To remove all aws-vault entries via PowerShell:

cmdkey /list | Where-Object { $_ -like "*aws-vault*" } | ForEach-Object {
    if ($_ -match "Target: (.+)$") {
        $target = $matches[1].Trim()
        cmdkey /delete:$target
    }
}

This script lists all stored credentials, filters out the ones for aws-vault, and deletes them.