A comprehensive multi-language credential testing tool for various cloud providers and APIs. This tool helps troubleshoot authentication issues by testing credentials across different SDKs (Python and JavaScript) to determine if problems are credential-related or SDK-specific.
- AWS - Test AWS access keys, view IAM permissions, and verify account identity
- OpenAI - Test API keys, check quota/usage, and list available models
- Google Cloud Platform (GCP) - Test service account keys, verify project access, and check IAM permissions
The tool implements identical tests in both Python and JavaScript to ensure consistent behavior across different SDK implementations. This script does the following:
- Prompt for access key
- Prompt for secret access key
- Make a call to sts GetCallerIdentity with the provided credentials
Ideally, everything passes in every language. However, in the case of failure, we have more info on what went wrong:
- If the script passes in one language but fails in another, assuming the same credentials were provided, then this suggests an issue with a specific languages credentials/signer code. A hash is printed to stdout to verify the same values are passed to each language specific script.
- If the script fails in every language this suggests there's an issue with the credentials and not with the SDKs.
First, install the node and python packages. You can use pip/npm
directly or you can just run make install.
$ make install
$ make test
# or manually:
$ bash test-creds.sh`�ash $ bash test-creds.sh openai
### Test GCP Service Account
`�ash
$ bash test-creds.sh gcp
```bash
$ bash test-creds.sh openai
The scripts will prompt you for your credentials and then:
- Validate the credentials are correct
- Show what resources/models you have access to
- Display permissions and capabilities (when available)
- Display usage/quota information (for keys with billing access)
- Test both Python and JavaScript implementations
- Generate cryptographic hashes to verify consistency across languages
- 🔐 Secure credential input (password-masked prompts)
- ✅ Multi-language validation (Python & JavaScript)
- 📊 Detailed capability reporting
- 🔍 Permission and quota analysis
- 🛡️ Hash verification for consistency checking
⚠️ Clear error messages and diagnostics
- STS GetCallerIdentity (account ID, user ARN, user ID)
- IAM user permissions (attached policies, inline policies, group memberships)
- Credential validity and authentication
- API key validity and authentication status
- Available models (GPT-4, GPT-3.5, DALL-E, Whisper, TTS, Embeddings)
- Subscription and billing information (when accessible)
- Current usage and quota limits
- Test API call with token usage tracking
$ make install
npm install
pip install -r requirements.txt
Requirement already satisfied: botocore<2.0.0,>=1.5.0 in /usr/local/lib/python2.7/site-packages (from -r requirements.txt (line 1))
Requirement already satisfied: python-dateutil<3.0.0,>=2.1 in /usr/local/lib/python2.7/site-packages (from botocore<2.0.0,>=1.5.0->-r requirements.txt (line 1))
Requirement already satisfied: docutils>=0.10 in /usr/local/lib/python2.7/site-packages (from botocore<2.0.0,>=1.5.0->-r requirements.txt (line 1))
Requirement already satisfied: jmespath<1.0.0,>=0.7.1 in /usr/local/lib/python2.7/site-packages (from botocore<2.0.0,>=1.5.0->-r requirements.txt (line 1))
Requirement already satisfied: six>=1.5 in /usr/local/lib/python2.7/site-packages (from python-dateutil<3.0.0,>=2.1->botocore<2.0.0,>=1.5.0->-r requirements.txt (line 1))
Next, you can run the test script by running make test.
If everything is successful you should see similar output:
$ make test
./test-creds.sh
Testing python...
Access Key:
Secret Access Key:
AKID hash: 1b94fb49749540691da15efedd6c991d949e492e0102fcc56bf15846cd4d1ba7
AKID length: 20
SAK hash: 1bb74946861076203ef2d31e08c464c2eb9932e761114336d2a4f64ec7987667
SAK length: 40
Successfuly made an AWS request with the provided credentials.
Testing javasript...
Access Key: ********************
Secret Access Key: ****************************************
AKID hash: 1b94fb49749540691da15efedd6c991d949e492e0102fcc56bf15846cd4d1ba7
AKID length: 20
SAK hash: 1bb74946861076203ef2d31e08c464c2eb9932e761114336d2a4f64ec7987667
SAK length: 40
Sucessfully made an AWS request with the provided credentials.
Note in the above output the hmac of the access key in python matches the hmac of the access key in node. Same for secret access key.
This project is a fork and enhancement of aws-creds-test by James Saryerwinnie (@jamesls).
Original Project:
- Repository: https://github.com/jamesls/aws-creds-test
- Author: James Saryerwinnie
- License: Apache License 2.0
Enhancements in this fork:
- Added OpenAI API key testing and validation
- Added IAM permissions and policy inspection for AWS
- Added billing/quota information for OpenAI keys
- Enhanced error handling and diagnostics
- Improved documentation and usage examples
Original concept and AWS testing framework by James Saryerwinnie.