noovolari / leapp Goto Github PK


Leapp is the DevTool to access your cloud

Home Page: https://www.leapp.cloud/

License: Mozilla Public License 2.0

JavaScript 2.77% TypeScript 79.99% HTML 5.48% SCSS 5.72% Shell 0.01% Batchfile 0.01% Python 4.05% Makefile 1.77% C 0.01% C++ 0.20%
aws aws-credentials aws-creds cloud credential-manager saml-sso-url azure azure-cli temporary-credentials hacktoberfest

leapp's Introduction

Leapp

⚡ Lightning fast, safe desktop app for managing and generating cloud credentials

Leapp is a Cross-Platform Cloud access App, built on top of Electron.

The App is designed to manage and secure Cloud Access in multi-account environments, and it is available for MacOS, Windows, and Linux.

For more information about features go to our documentation.

Web interface gif

✨ Features

All the covered access methods can be found here.

Download

You can find all the information needed to download and install Leapp in the documentation. Leapp can be installed on macOS, Linux, and Windows systems.

... and nothing stops you from compiling Leapp yourself! You can find more information about how to compile Leapp in our contributing guidelines.

Contributing

Thank you for thinking about contributing to Leapp!

Read through our contributing guidelines to learn how you can bring your value to our project by submitting your first contribution.

Want to start developing with Leapp? Check out our developing guidelines!

You can report bugs or suggest features using the GitHub issues channel; moreover, you can pick a good first issue and make your first code contribution.

We want to thank you all!

Our Sponsors

@taimos @aws

A special thanks to our individual sponsors!

@Gowiem @dharada1

Documentation

Refer to the documentation website.

Contacts

You can chat with us inside our community so join us, or send us a message through the contacts form.

License

Mozilla Public License v2.0

leapp's People

Contributors

adamantike, adys, alancape, andreacavagna01, blyzer, chessmango, daniele-papa, dependabot[bot], dnsmichi, ericvilla, hoegertn, jgrumboe, lysandre995, m-radzikowski, maintux, marcovanetti, matthewriedel-flux, mholttech, mikedizon, nwouda, paolofulgoni, patlachance, pethron, plasma, rafpe, ravibri, riccardorotta, rick-rtt, ryands17, urz9999

leapp's Issues

Make the window resizable

Is your feature request related to a problem? Please describe.

I have some account aliases which are quite long, so the account name on the main page is truncated.
It's not possible to resize the window to show the full account name.

Describe the solution you'd like

Make the window resizable and "expand" the shown account name.

Describe alternatives you've considered

Right-click on the system tray icon to see the full name

Additional context

Leapp 0.3.2

Log to file

Is your feature request related to a problem? Please describe.
We need a way to troubleshoot user bugs.

Describe the solution you'd like
A logging solution that writes errors to disk.

Credentials refreshed every time I come back to home screen

Describe the bug
Every time I come back to the home screen using the "back button" inside the new account definition page, the credentials are refreshed.

To Reproduce
Steps to reproduce the behavior:

  1. Launch the wizard to create a new account definition.
  2. Choose one between AWS or Azure
  3. In the page where you define the account information click the back arrow button.
  4. See the credentials refresh.

Desktop (please complete the following information):

  • OS: MacOS
  • Version 10.15.7

Profile page has "undefined" proxy URL

Describe the bug
In the profile section, if no proxy URL is provided, the textbox contains "undefined" string.

Screenshots
Screenshot 2020-10-05 at 11 49 54

Desktop (please complete the following information):

  • OS: macOS
  • Version 10.15.7

The quick list only shows the current section and the last ADDED not USED accounts

Describe the bug
The quick list only shows the current section and the last ADDED not USED accounts.

To Reproduce
Steps to reproduce the behavior:

  1. Add a few accounts to Leapp (e.g. 10)
  2. start a session in the first inserted account
  3. Open the quick list in notification bar: you see the current session marked and the latest added accounts
  4. start a new session with the second added account
  5. open again the quick list and the previous session is gone: you just have the current session marked and the four latest ADDED accounts

Expected behavior
A clear and concise description of what you expected to happen.

Desktop (please complete the following information):

  • OS: Ubuntu 18.04

3-dots menu does not close

Describe the bug
When you click on multiple 3-dot menu buttons the menus do not close automatically.

Leapp Version
0.2.6

To Reproduce

  1. Click on the "3-dots" button next to any Role.
  2. Click on the "3-dots" button next to another Role.
  3. The menu of the first role is still open

Expected behavior
There should be only one open menu at a time

Desktop:

  • OS: macOS Catalina
  • OS Version 10.15.7
  • Leapp Version 0.2.6

Azure AD -> AWS federation

Describe the solution you'd like
Ability to use Azure AD as an identity provider for AWS accounts.

Additional context
We would like to use Leapp to programmatically access multiple AWS accounts. The SSO is federated by Azure AD; we log in through myapps.microsoft.com and choose "AWS SSO" from the list of options. This in turn takes us to the usual AWS accounts list. From here we choose "Command line or programmatic access".

Current steps

  1. Log in to myapps.microsoft.com
  2. Choose "AWS SSO" from the list of options
  3. Site xyzxyzxyz.awsapps.com/start gets opened with all accounts present
  4. Choose account and "Command line or programmatic access" (which assumes an AdministratorRole in the target account)
  5. Paste access keys into terminal manually

Screenshots (console)
Screenshot 2020-12-16 at 12 18 49
Screenshot 2020-12-16 at 12 18 58

Hamburger menu button does not work after the menu is closed

Describe the bug
Hamburger menu button does not work after the menu is closed.

Leapp Version
0.2.6

To Reproduce

  1. Click hamburger menu button
  2. Close the lateral menu
  3. Click hamburger menu button again
  4. Menu does not open
  5. If you click that button again it works

Expected behavior
Open the menu with one click.

Desktop

  • OS: macOS Catalina
  • OS Version 10.15.7
  • Leapp Version 0.2.6

Support truster account as source for another truster account

Is your feature request related to a problem? Please describe.

When configuring trusted accounts, I cannot use another truster account as a credentials source.
In my scenario I have my company account T. To access customer's accounts I now have a trust relationship to their org account C. This org account has trust relationships with the workload accounts of the clients W1, W2, ...

I now need to use the following cred chain: T -> C -> W1

Describe the solution you'd like
I would love to have a truster account as a credential source

Describe alternatives you've considered
None come to my mind

The drop down forgets history when account is changed using the task bar dropdown

Describe the bug
The drop down forgets history when account is changed using the task bar dropdown

Leapp Version
0.2.7 deb ubuntu

To Reproduce
Steps to reproduce the behavior:

  1. Change accounts using leapp app
  2. change account using taskbar dropdown
  3. history is gone

Desktop (please complete the following information):

  • OS: Ubuntu 18.04
  • OS Version 18.04
  • Leapp Version 0.2.7

Unable to execute on Mac, Catalina 10.15.7

Hello,
I just downloaded the release 0.3 for the first time and moved it to the Applications directory.
When I start it I just get a blank screen and nothing happens.

If I run the app from the cli I get:

/Applications/Leapp.app/Contents/MacOS/Leapp
12:35:29.461 › Setupping workspace for the first time
feedURL https://update.electronjs.org/Noovolari/leapp/darwin-x64/0.3.0
requestHeaders { 'User-Agent': 'update-electron-app/2.0.1 (darwin: x64)' }
checking-for-update
update-not-available
(node:22785) DeprecationWarning: Passing functions, DOM objects and other non-cloneable JavaScript objects to IPC methods is deprecated and will throw an exception beginning with Electron 9.

My blank screen:

Schermata 2020-11-04 alle 12 44 15

Launching SSM session with preconfigured Leapp commands

Is your feature request related to a problem? Please describe.
Every time you start an SSM Session with Session Manager, you have to prompt /bin/bash to open the terminal.

Describe the solution you'd like
I suggest opening the terminal with a message from leapp, maybe with an Ascii art.
Then start with the /bin/bash command to launch the session in the right way.

Additional context
This would work for Linux instances only, how to manage Windows Instances?

WIN10: client freezes after notification tray resume

The client seems stuck after it is resumed from the notification tray, I'm unable to perform any action.

How to Reproduce
Steps to reproduce the behavior:

  1. Open Leapp app
  2. Close it
  3. Resume it from the notification tray
  4. See error

Windows 10 Pro Version 2004 (OS Build 19041.450)

Support Truster Account names

AWS Truster account ids are nice, but accounts can be identified also by their name (or alias) which usually works in "switch role" functionality. Having support also for account names would be great

Error when assuming a role with a path

Describe the bug

I configured a "truster" account. When I try to activate it I get an error.
The configured role contains a path, e.g. pathpart1/pathpart2/rolename

Leapp Version

0.3.2

To Reproduce
Steps to reproduce the behavior:

  1. configure a "truster" account where the role has a path
  2. activate the account

Desktop (please complete the following information):

  • OS: Windows
  • OS Version 10
  • Leapp Version 0.3.2

Additional context

This is the error I see in the log file (I replaced the actual role name):

[2020-11-19 22:54:51.923] [error] [renderer] [t] Error in assume role from plain to truster in get session token:  ValidationError: 1 validation error detected: Value 'truster-on-xxx/yyy/rolename' at 'roleSessionName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]*
    at constructor.extractError (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:3499698)
    at constructor.callListeners (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:2539143)
    at constructor.emit (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:2538853)
    at constructor.emitEvent (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:2723145)
    at constructor.e (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:2718652)
    at r.runTo (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:753905)
    at file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:754111
    at constructor.<anonymous> (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:2718922)
    at constructor.<anonymous> (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:2723201)
    at constructor.callListeners (file:///C:/Users/fulgoni/AppData/Local/Programs/Leapp/resources/app.asar/dist/leapp-client/main.120160f17d385276afa2.js:2:2539249)

It seems the role name is concatenated to truster-on- for the session name, but the / char is not supported. If so, removing all the chars which don't match [\w+=,.@-] may fix the issue.
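The sanitization suggested above, written out as an added example (this is not Leapp's code and not the project's actual fix): it derives an STS RoleSessionName from a role name that may carry an IAM path and checks it against the constraint quoted in the log. The "truster-on-" prefix is taken from the log line; the 2-64 character length limit is the one the STS API reference documents for RoleSessionName; replacing path separators with "-" rather than dropping them is this example's own choice, made so that CloudTrail readers can still tell sessions apart.

```typescript
// Added example, not Leapp's own code. Builds an STS RoleSessionName that satisfies
// the constraint quoted in the log above: characters from [\w+=,.@-] only and, per the
// STS API reference, a length of 2 to 64 characters.
// Assumptions: the "truster-on-" prefix comes from the log line; replacing IAM path
// separators with "-" (instead of dropping them) is this example's choice.

export const ROLE_SESSION_NAME_PATTERN = /^[\w+=,.@-]{2,64}$/;
const MAX_LEN = 64;

// Check a candidate name against the same constraint STS enforces.
export function isValidRoleSessionName(name: string): boolean {
  return ROLE_SESSION_NAME_PATTERN.test(name);
}

// Derive a compliant session name from a role that may carry an IAM path
// (e.g. "pathpart1/pathpart2/rolename") and arbitrary characters.
export function sanitizeRoleSessionName(roleName: string, prefix = "truster-on-"): string {
  // Keep the path information for audit readers, but with a permitted separator.
  const flattened = roleName.replace(/\/+/g, "-").replace(/^-+|-+$/g, "");
  // Strip any remaining character outside the permitted set (spaces, colons, unicode, ...).
  const cleaned = (prefix + flattened).replace(/[^\w+=,.@-]/g, "");
  // Respect the 64-character ceiling; a long role name must not push us over it.
  const bounded = cleaned.slice(0, MAX_LEN);
  if (!isValidRoleSessionName(bounded)) {
    throw new Error(`cannot derive a valid RoleSessionName from "${roleName}"`);
  }
  return bounded;
}
```

The role name from the log, `xxx/yyy/rolename`, fails `isValidRoleSessionName` when prefixed as-is and becomes `truster-on-xxx-yyy-rolename` after sanitization; the explicit length check matters because AWS rejects over-long names with the same ValidationError, not just disallowed characters.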

Create Account: Save Button is disabled if I create a Plain Account as the first one

Bug description
Inside the Create Account wizard, if I'm creating a Plain Account as the first one, the Save Button remains disabled.

How to reproduce the bug
Steps to reproduce the behavior:

  1. Launch the application for the first time;
  2. The application asks you to create an Account;
  3. Select "Plain" as Account type;
  4. Fill the Account creation form with the new Account's attributes.

Expected behavior
We expect the Save Button to be enabled once all the Account attributes are filled in the form.

Desktop

  • OS: Linux Ubuntu
  • Version: 18.04

App crashes after automatic update

Describe the bug
Dialog boxes "A new version has been downloaded. Close and re-open Leapp to use the new version." keep popping up after automatic application update and closing then re-opening the app as indicated. The app crashes when trying to open it.

Leapp Version
0.3.2 (before automatic update)

Expected behavior

  • Click "ok" on dialog box
  • Close Leapp
  • Re-open Leapp

Screenshots
If applicable, add screenshots to help explain your problem.
image

Desktop (please complete the following information):

  • OS: Windows 10
  • Leapp Version: 0.3.2

SSM session list is not properly formatted

Describe the bug
The string list in the SSM session tab is unformatted. Buttons are pushed to the next line.

To Reproduce
Steps to reproduce the behavior:

  1. Start an active session
  2. Click on SSM session

Expected behavior
I expect to have a short view of the name of the EC2 (and its IP) with a tooltip with the entire one.

Screenshots

Screenshot 2020-10-08 at 16 06 14

MacOS High Sierra forever loading client

Describe the bug
The client gets stuck/hangs during the loading screen after the first installation.

To Reproduce
Steps to reproduce the behavior:

  1. Downloaded the DMG
  2. Mounted and copied the app into the application folder
  3. open the app and followed the instructions

Expected behavior
Would like to see what's next to the loading screen

  • OS: [MacOS]
  • Version [High Sierra 10.13.6]

Schermata 2020-10-10 alle 10 25 36

Additional Information
I can't update my OS since my PC is old!

No support of multi-factor authentication

Describe the bug
The current version does not support AWS accounts that require multi-factor authentication.

To Reproduce
Steps to reproduce the behavior:

  1. Create a plain account
  2. Click on 'Create account' to add a Truster account
  3. The Truster option is greyed out

Expected behavior
After creating a plain account, there should be a possibility to click on "Truster" and add a truster account.

Desktop (please complete the following information):

  • OS: Windows 10
  • Version 02.4

Support redirect in SSO URL

Direct SSO URL is supported correctly, but many customers (i.e. myself) use SSO with an alias (i.e. aws.mycompany.com). If the alias is entered, the app hangs immediately and becomes unresponsive. I had to force quit Leapp and start over.

Inform users about deleting .aws/credentials

When launched for the first time, Leapp deletes the .aws/credentials file, after making a backup copy into .aws/credentials.bpk, which is a pretty generic name (other apps use the same name).
Moreover the user is not warned about this operation, and doing a `cat` on the credentials file produces an empty result.

Default region selection

For every account definition it would be nice if there was a chance to select the default region for the generated credentials.

Credentials refreshed every time I come back to home screen

Describe the bug
Every time I come back to the home screen using the "back button" inside the new account definition page, the credentials are refreshed.

To Reproduce
Steps to reproduce the behavior:

  1. Launch the wizard to create a new account definition.
  2. Choose one between AWS or Azure
  3. In the page where you define the account information click the back arrow button.
  4. See the credentials refresh.

Desktop (please complete the following information):

  • OS: MacOS
  • Version 10.15.7

Do not see a list of instances when using the SSM Connect link

Describe the bug

Do not see a list of instances to connect to.

Leapp Version

Version 0.2.6 (0.2.6)
10.14.6 (18G6032) Mac OSX Mojave

To Reproduce

  1. I created a new EC2 instance (t2.micro) using Amazon Linux 2, as I know it has the agent, and then added the instance role that allows Session Manager to work
  2. Once it started, I tested from my browser whether I could start a Session Manager session - it worked OK
  3. Then I set up a new profile on Leapp
  4. Tried connecting and it just sits there.
    I thought it might have been the VPN at first, so I disconnected and am still getting that

Expected behavior

A list of instances

Additional context
Tried disconnecting VPN. Tried different AWS users. Tried accessing session manager via console - all ok.

Okta as Identity Provider

First of all, I like your idea. Looks like it's a really useful solution for multi-account access.

Is your feature request related to a problem? Please describe.
Currently, Leapp doesn't support another IdP except for AWS SSO and Google.

Describe the solution you'd like
Support Okta as IdP provider for temporary credentials fetching and using with the app

Show Instance Name for SSM Sessions

Currently, when I want to try to start a SSM session, I get a list of instances by instance IDs. I would like to know the name of each instance id as our instances are immutable. Can you update the returned list to include the instance names derived from the Name tag?

image

Make the "back" button of the Create Account wizard more evident

Is your feature request related to a problem? Please describe.

If I start the Create Account wizard and change my mind, there is apparently no way to go back to the main page.
Except... that little "<" button in the "My Access strategy" area, which I found when I was already writing this issue :-)
I think that that button is not evident enough to the user.

Describe the solution you'd like

Replace the "<" button with an "exit" (or "back", "home") button on the left of the "save" button, which exits the wizard and shows me the main page.

Describe alternatives you've considered

Restarting the app :-)

Additional context

I'm using version 0.3.2

image

Import / Export current configuration

It would be great if there was the possibility to export workspace.json (that contains all the personal configuration), and import it in another installation.

Duplicated tray icon

Bug description
When a Session Card is clicked, new tray icons appear in the top bar.

To Reproduce
Steps to reproduce the behavior:

  1. Launch the application;
  2. From the Quick List, click on a Session Card.

Expected behavior
Only one tray icon is expected to be shown in the top bar.

Desktop (please complete the following information):

  • OS: Linux Ubuntu
  • Version: 18.04

Application is not web proxy aware, not functional inside corporate networks

For large enterprise, our corporate networks are not internet routable, so all egress traffic from a desktop must exit out via a web proxy (example Squid).
Application needs to either use the proxy definition that the OS automatically get via GPO policy or needs to allow end user to setup a variable to define the proxy settings.
Typical setup info needed:

  • http.proxyhost, http.proxyhostport
  • https.proxy, https.proxyhostport
  • proxy auth username/password

As an example see how VS code or other Electron apps are setup, you can leverage same code/config setup.

Unable to have multiple accounts

Describe the bug
The current version will only allow for a single account

To Reproduce
Steps to reproduce the behavior:

  1. Create an account
  2. Create AWS account
  3. Select Plain
  4. Fill in the form
  5. It will replace the only account in the application

Desktop (please complete the following information):

  • OS: MacOS
  • Version 10.15.7

Truster account edit

Is your feature request related to a problem? Please describe.

I'd like to be able to edit a "truster" account which I previously created

Describe the solution you'd like

Add an edit menu like the one for "plain" accounts

Describe alternatives you've considered

Delete and create the account again

Additional context

Leapp 0.3.2

Add region selector for the active session

Is your feature request related to a problem? Please describe.
Users should be able to change the "default region" at any time for a specific session.

Describe the solution you'd like
We already have a region setting, it would be perfect if this setting would be used as a default on each session start.
Users should be able to switch region for the current session using a simple selector. The selector should reset to the "default region" for the account when changing the session.

Freeze on force refresh

Describe the bug
When hitting the force refresh key combination, the page tries to refresh but it doesn't load anymore and becomes unresponsive. Quit will not work and the only way to restart is to kill the process.

To Reproduce
Steps to reproduce the behavior:

  1. Hit CTRL+SHIFT+R
    or
  2. Select "view"
  3. Hit Force Refresh

Expected behavior
App should refresh the page and display the home page or the page the user was on.

Desktop (please complete the following information):

  • OS: MacOS
  • Version: 10.15.6

SSM command path must be put absolute on MAC

Describe the bug
Command path for launching SSM command must be absolute for MAC OSX because of how the compiled app works.
This must differ from the az one.

To Reproduce
Steps to reproduce the behavior:

  1. Make a Federated Session Active
  2. Click on the Kebab menu
  3. Click Launch SSM
  4. See error

Expected behavior
The SSM procedure must start as expected.

Desktop (please complete the following information):

  • MAC OSX in general

Plain Credentials with get-session-token

Is your feature request related to a problem? Please describe.
Plain credentials (AWS Access and Secret) are directly injected in the credentials file.

Describe the solution you'd like
In the credentials file should be injected only short-lived credentials.
Solution is to inject the result of get-session-token.
https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html

Additional context
The --duration-seconds parameter can be left at its default, but consider making it customizable.

AWS SSO integration

Is your feature request related to a problem? Please describe.
Add AWS SSO as an identity provider for AWS.

AWS SSO AUTH FLOW

AWS SSO provides OAuth 2.0 Device Authorization Grant compatible APIs to enable command line tools to use AWS SSO to obtain AWS credentials. While those APIs are already documented and used by the AWS Command Line Interface version 2 (AWS CLI) they are not yet actively promoted by AWS.

The corresponding AWS APIs are:

With Leapp, we have to setup the integration with this specific Identity provider.

The thought is to provide an Integrations page to manage every external integration with Leapp.
So in the menu we will find an Integration button.

leapp menu

By clicking the integrations menu you will see information on how to register AWS SSO as identity provider.

Tavola da disegno – 13

Whenever you click the AWS SSO button the auth flow must start.

The Auth flow in AWS SSO is made up with OIDC and is divided in three different steps:

  1. RegisterClient
  2. StartDeviceAuthorization
  3. CreateToken

CREDENTIALS ARE NOT NEEDED FOR THOSE THREE CALLS!

The first thing we have to do is to register a local client.

The AWS SSO OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628) that are necessary to enable SSO authentication with the AWS CLI. Support for other OIDC flows frequently needed for native applications, such as Authorization Code Flow (+ PKCE), is planned in future releases.

RegisterClient

As soon as the button is started, the RegisterClient Api will be invoked.

aws sso-oidc register-client --client-name leapp --client-type public

NOTES: public is the only client type available at the moment.

It will generate a response like the one below:

{
    "clientId": "Clhq.....tMQ",
    "clientSecret": "eyJra.....wi...lK",
    "clientIdIssuedAt": 1603898686,
    "clientSecretExpiresAt": 1611674686
}

By decoding the Client secret you will see:

{
  "expired": false,
  "clientId": {
    "value": "R-j5yN-4-TPNs...tMQ"
  },
  "clientName": "my-client",
  "clientType": "PUBLIC",
  "templateArn": null,
  "templateContext": null,
  "expirationTimestamp": 1594932567.612,
  "createdTimestamp": 1587156567.612,
  "updatedTimestamp": 1587156567.612,
  "createdBy": null,
  "updatedBy": null
}

We have to save that info locally and pass it into the next call.

StartDeviceAuthorization

In order to make this call, the Leapp user needs to be registered in AWS SSO and to provide a valid start-url, that is, the portal URL.

url portal

Having a valid OIDC client registration we can now initiate the device authorization flow using the StartDeviceAuthorization API action.

aws sso-oidc start-device-authorization --client-id mVZBEoa-gUBj8nugHZUIsWV1LXdlc3QtMQ --client-secret eyJra...a_tV-htKetQH8 --start-url ENDPOINTURL

That will produce a response like this:

{
  "deviceCode": "8Acq...DUg",
  "expiresIn": 600,
  "interval": 1,
  "userCode": "RPXP-JSQA",
  "verificationUri": "https://device.sso.eu-central-1.amazonaws.com/",
  "verificationUriComplete": "https://device.sso.eu-central-1.amazonaws.com/?user_code=RPXP-JSQA"
}

Where:

  • deviceCode: The short-lived code that is used by the device when polling for a session token.
  • expiresIn: Indicates the number of seconds in which the verification code will become invalid.
  • interval: Indicates the number of seconds the client must wait between attempts when polling for a session.
  • userCode: A one-time user verification code. This is needed to authorize an in-use device.
  • verificationUri: The URI of the verification page that takes the userCode to authorize the device.
  • verificationUriComplete: An alternate URL that the client can use to automatically launch a browser. This process skips the manual step in which the user visits the verification page and enters their code.

In order to verify this device, Leapp will prompt you to the LOGIN PAGE and the verification code page, by opening a web browser with the verificationUriComplete

After the verification of the device we can now call the CreateToken API

CreateToken

Having the userCode and deviceCode values we can now use the CreateToken API action to obtain a device access token. However, before we can request any tokens we need to open the verificationUriComplete URL in a web browser, complete authentication and provide authorization. At this point the end user has to provide personal credentials in order to authenticate, for example by entering a username and password, and maybe also multi-factor authentication (MFA) credentials.

curl -X POST https://oidc.eu-central-1.amazonaws.com/token -d '{"clientId": "R-j5yN-4-TPNs...tMQ", "clientSecret": "eyJr...x74", "deviceCode": "8Acq...DUg", "grantType": "urn:ietf:params:oauth:grant-type:device_code"}'

If everything worked out as expected, the token endpoint will return a valid accessToken, which we later can use with the AWS SSO Portal API to obtain temporary AWS credentials using the GetRoleCredentials action.

The returned tokens are valid for 8 hours.

This API call is region sensitive, so we have to extract the region from the verificationUriComplete URL with a RegEx!

With this token we can now call the AWS SSO Portal API to autogenerate sessions in Leapp.

AWS SSO Portal API

In order to fill in the sessions available through AWS SSO we have to use these APIs.

The following actions are supported:

In order to complete this action we need to scan for accounts and the roles inside them, so it is time consuming.

So a loading modal will appear:

Tavola da disegno – 15

What happens whenever this modal will appear?

ListAccounts

Firstly we have to check all the accounts available for the current user.

Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account.

GET /assignment/accounts?max_result=maxResults&next_token=nextToken HTTP/1.1
x-amz-sso_bearer_token: accessToken

  • accessToken: The token issued by the CreateToken API call. Required: Yes
  • maxResults: This is the number of items clients can request per page. Valid Range: Minimum value of 1. Maximum value of 100.
  • nextToken: When requesting subsequent pages, this is the page token from the previous response output. Required: No

RESPONSE

{
   "accountList": [ 
      { 
         "accountId": "string",
         "accountName": "string",
         "emailAddress": "string"
      }
   ],
   "nextToken": "string"
}

The following data is returned in JSON format by the service.

  • accountList: A paginated response with the list of account information and the next token if more results are available.
    • accountId: The identifier of the AWS account that is assigned to the user.
    • accountName: The display name of the AWS account that is assigned to the user.
    • emailAddress: The email address of the AWS account that is assigned to the user.

For each account retrieved by this API, we need to check all the possible roles inside it.

ListAccountRoles

aws sso list-account-roles --access-token eyJlbmMiOiJBM...nZEpteo-dHw --account-id 198863347786 

Response:

{
    "roleList": [
        {
            "roleName": "ViewOnlyAccess",
            "accountId": "198000000086"
        }
    ]
}

After that for each pair of Account and role found we will add an AWS session that is available to get the correct credentials.

Tavola da disegno – 7

In order to retrieve credentials we have to make this call.

GetRoleCredentials

Having a valid access token, we can use the AWS SSO Portal API to obtain temporary AWS credentials using the GetRoleCredentials action.

curl 'https://portal.sso.eu-central-1.amazonaws.com/federation/credentials?account_id=999999999999&role_name=MyIamRoleName' -H 'x-amz-sso_bearer_token: eyJl...Blw'

Which will then provide us with temporary AWS session credentials, which by default are valid for 12 hours.

{
  "roleCredentials": {
    "accessKeyId": "ASIA...Z3XM",
    "secretAccessKey": "+t6UnVLWia...hFOzGL",
    "sessionToken": "IQoJb3JpZ2lu...dK6",
    "expiration": 150000008000
  }
}

I tried several additional query parameters (session_duration, duration_seconds, …) to figure out whether one can choose a shorter session duration, but it looks like 12 hours is all you can get. While AWS STS API actions like AssumeRole or AssumeRoleWithWebIdentity allow callers to specify a custom session duration, GetRoleCredentials does not yet support that.

Final thoughts

There are still two actions to be implemented in the App, the Logout action and the Sync action.

The first one calls the portal's API.

The second one will synchronize the session with the current configuration.
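The three-step OIDC flow described in this issue, as an added example (not part of the original issue and not Leapp's code). FakeSsoOidc is a hypothetical in-memory stand-in for the RegisterClient, StartDeviceAuthorization and CreateToken endpoints with a manually advanced clock, so the exchange runs offline; the error codes (authorization_pending, slow_down, expired_token, access_denied) and the back-off rule follow RFC 8628 section 3.5. The deviceCode, userCode and token values are constructed; extractRegion implements the region-from-verificationUri step the issue calls for.

```typescript
// Added example, not Leapp's own code: an offline simulation of the three-step AWS SSO
// OIDC device flow described above (RegisterClient -> StartDeviceAuthorization ->
// CreateToken). FakeSsoOidc is a hypothetical in-memory stand-in for the real service
// and uses a manually advanced clock instead of HTTP calls and timers; error codes
// follow RFC 8628 section 3.5.

type ClientRegistration = { clientId: string; clientSecret: string; clientIdIssuedAt: number; clientSecretExpiresAt: number };
type DeviceAuthorization = { deviceCode: string; userCode: string; expiresIn: number; interval: number; verificationUri: string; verificationUriComplete: string };
type TokenResponse =
  | { accessToken: string; tokenType: "Bearer"; expiresIn: number }
  | { error: "authorization_pending" | "slow_down" | "expired_token" | "access_denied" | "invalid_client" };
type DeviceState = { clientId: string; userCode: string; expiresAt: number; interval: number; lastPoll: number; approvedAt: number | null };

// The token endpoint is regional; the region is embedded in the verification URI.
export function extractRegion(verificationUri: string): string | null {
  const m = /^https:\/\/device\.sso\.([a-z]{2}-[a-z]+-\d)\.amazonaws\.com\//.exec(verificationUri);
  return m ? m[1] : null;
}

export class FakeSsoOidc {
  now = 0;                                 // simulated clock, in seconds
  userApprovesAfter: number | null = null; // seconds after authorization starts at which the simulated user finishes sign-in (null = never)
  private clients: Record<string, string> = {};
  private devices: Record<string, DeviceState> = {};

  constructor(private readonly region: string) {}

  registerClient(clientName: string): ClientRegistration {
    const clientId = `${clientName}-${Object.keys(this.clients).length + 1}`;
    const clientSecret = `secret-${clientId}`; // constructed; an opaque token in reality
    this.clients[clientId] = clientSecret;
    return { clientId, clientSecret, clientIdIssuedAt: this.now, clientSecretExpiresAt: this.now + 90 * 86400 };
  }

  startDeviceAuthorization(clientId: string, clientSecret: string, startUrl: string): DeviceAuthorization {
    if (this.clients[clientId] !== clientSecret) throw new Error("invalid_client");
    if (!startUrl.startsWith("https://")) throw new Error("invalid_request: start URL must be https");
    const deviceCode = `device-${Object.keys(this.devices).length + 1}`;
    const userCode = "RPXP-JSQA"; // constructed; the service issues a fresh one-time code
    this.devices[deviceCode] = {
      clientId, userCode, expiresAt: this.now + 600, interval: 5, lastPoll: -Infinity,
      approvedAt: this.userApprovesAfter === null ? null : this.now + this.userApprovesAfter,
    };
    const verificationUri = `https://device.sso.${this.region}.amazonaws.com/`;
    return { deviceCode, userCode, expiresIn: 600, interval: 5, verificationUri,
      verificationUriComplete: `${verificationUri}?user_code=${userCode}` };
  }

  createToken(clientId: string, clientSecret: string, deviceCode: string): TokenResponse {
    if (this.clients[clientId] !== clientSecret) return { error: "invalid_client" };
    const d = this.devices[deviceCode];
    if (!d || d.clientId !== clientId) return { error: "access_denied" };
    if (this.now >= d.expiresAt) return { error: "expired_token" };
    const sinceLastPoll = this.now - d.lastPoll;
    d.lastPoll = this.now;
    if (sinceLastPoll < d.interval) return { error: "slow_down" }; // client polled too eagerly
    if (d.approvedAt === null || this.now < d.approvedAt) return { error: "authorization_pending" };
    return { accessToken: `token-for-${deviceCode}`, tokenType: "Bearer", expiresIn: 8 * 3600 };
  }
}

// Client side: what runs between opening verificationUriComplete in the browser and
// receiving the access token. Waits the mandated interval before every attempt, backs
// off by 5 s on slow_down, and gives up on a terminal error.
export function runDeviceFlow(server: FakeSsoOidc, startUrl: string): { accessToken: string; region: string; polls: number } {
  const reg = server.registerClient("leapp");
  const auth = server.startDeviceAuthorization(reg.clientId, reg.clientSecret, startUrl);
  const region = extractRegion(auth.verificationUriComplete);
  if (region === null) throw new Error("cannot determine region from verificationUriComplete");
  let interval = auth.interval;
  let polls = 0;
  for (;;) {
    server.now += interval;
    const res = server.createToken(reg.clientId, reg.clientSecret, auth.deviceCode);
    polls += 1;
    if ("accessToken" in res) return { accessToken: res.accessToken, region, polls };
    if (res.error === "authorization_pending") continue;
    if (res.error === "slow_down") { interval += 5; continue; }
    throw new Error(`device flow failed: ${res.error}`);
  }
}
```

Two behaviours worth noting for anyone implementing the real client: the loop must treat expired_token as terminal and restart from StartDeviceAuthorization (the 600-second deviceCode lifetime is shorter than many users take to complete MFA), and the region used for the token endpoint has to come from the verificationUri rather than from any configured default, otherwise the CreateToken call goes to the wrong regional endpoint.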
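The account and role scan described under "AWS SSO Portal API", as an added example (not part of the original issue and not Leapp's code). FakePortal is a hypothetical in-memory stand-in for the ListAccounts and ListAccountRoles actions of portal.sso.<region>.amazonaws.com, the accounts and roles are constructed, and the opaque nextToken is simulated as an offset; discoverSessions is the client-side walk that turns every (account, role) pair into a Leapp session and, unlike a naive single-call client, follows nextToken across pages.

```typescript
// Added example, not Leapp's own code: enumerating every (account, role) pair reachable
// with an AWS SSO access token by paging through ListAccounts and then calling
// ListAccountRoles for each account, as described above. FakePortal is a hypothetical
// in-memory stand-in for portal.sso.<region>.amazonaws.com; the sample accounts, roles
// and the offset-style nextToken are constructed.

type AccountInfo = { accountId: string; accountName: string; emailAddress: string };
type RoleInfo = { roleName: string; accountId: string };
export type SsoSession = { accountId: string; accountName: string; roleName: string };

export class FakePortal {
  constructor(
    private readonly validToken: string,
    private readonly accounts: AccountInfo[],
    private readonly roles: RoleInfo[],
  ) {}

  private authorize(token: string): void {
    // Real service: the x-amz-sso_bearer_token header must carry a live CreateToken result.
    if (token !== this.validToken) throw new Error("UnauthorizedException");
  }

  // GET /assignment/accounts?max_result=<n>&next_token=<t>
  listAccounts(token: string, maxResults: number, nextToken?: string): { accountList: AccountInfo[]; nextToken?: string } {
    this.authorize(token);
    if (maxResults < 1 || maxResults > 100) throw new Error("ValidationException: maxResults must be 1..100");
    const start = nextToken === undefined ? 0 : Number(nextToken); // constructed opaque token = offset
    const end = start + maxResults;
    return { accountList: this.accounts.slice(start, end), nextToken: end < this.accounts.length ? String(end) : undefined };
  }

  listAccountRoles(token: string, accountId: string): { roleList: RoleInfo[] } {
    this.authorize(token);
    return { roleList: this.roles.filter((r) => r.accountId === accountId) };
  }
}

// Walks every page of ListAccounts (a client that ignores nextToken silently loses
// every account past the first page) and expands each account into its roles.
export function discoverSessions(portal: FakePortal, token: string, pageSize = 2): SsoSession[] {
  const sessions: SsoSession[] = [];
  let nextToken: string | undefined = undefined;
  do {
    const page = portal.listAccounts(token, pageSize, nextToken);
    for (const account of page.accountList) {
      for (const role of portal.listAccountRoles(token, account.accountId).roleList) {
        sessions.push({ accountId: account.accountId, accountName: account.accountName, roleName: role.roleName });
      }
    }
    nextToken = page.nextToken;
  } while (nextToken !== undefined);
  return sessions;
}

// Constructed sample data: three accounts, so a page size of 2 forces a second page.
export const SAMPLE_ACCOUNTS: AccountInfo[] = [
  { accountId: "111111111111", accountName: "dev", emailAddress: "dev@example.com" },
  { accountId: "222222222222", accountName: "staging", emailAddress: "staging@example.com" },
  { accountId: "333333333333", accountName: "prod", emailAddress: "prod@example.com" },
];
export const SAMPLE_ROLES: RoleInfo[] = [
  { roleName: "AdministratorAccess", accountId: "111111111111" },
  { roleName: "ViewOnlyAccess", accountId: "111111111111" },
  { roleName: "ViewOnlyAccess", accountId: "222222222222" },
  { roleName: "ViewOnlyAccess", accountId: "333333333333" },
];
```

With the sample data and the default page size of 2, the scan makes two ListAccounts calls and three ListAccountRoles calls and yields four sessions; dropping the nextToken loop would silently hide the "prod" account, which is exactly the kind of omission that shows up later as "my account is missing from the quick list".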

Open web Console in Browser from a Session

Is your feature request related to a problem? Please describe.
Opening a web console with a specific AWS role and User has always been a pain.

Describe the solution you'd like
Open a web console directly from the Session in Leapp.

Describe alternatives you've considered
Add an action to the session to Open a web console with the Favorite Browser.

UI to update access/secret keys

Describe the solution you'd like
Currently we have to delete and create the account again to update the access/secret keys when the older ones are invalidated. It would be great if we could provide an Edit option in the options menu next to the profile to update the keys.
