--environment flag output appears to conflict with AWS CLI credential_process expected output #63

Open
wcarpenter1-godaddy opened this issue Jan 23, 2023 · 3 comments

Comments

@wcarpenter1-godaddy

Hi there 👋 . Thanks for making this tool, it's great.

I might be off-base, but when I try to use the --environment flag in my authenticate command from ~/.aws/credentials, I get the following error:

~/.aws/credentials

[my-profile]
credential_process = aws-okta-processor authenticate --organization *** --user *** --environment

$ aws s3 ls
...
Expecting value: line 1 column 1 (char 0)

This profile works fine:
~/.aws/credentials

[my-profile]
credential_process = aws-okta-processor authenticate --organization *** --user ***

I think that might be because credential_process expects JSON output on STDOUT?
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html

The AWS CLI runs the command as specified in the profile and then reads data from STDOUT. The command you specify must generate JSON output on STDOUT that matches the following syntax.

Is that the case? Any workaround to get the --environment flag working when calling from an AWS named profile?

@wcarpenter1-godaddy
Author

I'm on these versions:

➜  aws --version
aws-cli/2.5.5 Python/3.9.11 Darwin/20.6.0 exe/x86_64 prompt/off
➜  aws-okta-processor --version
1.8.2

@bhardie-godaddy
Contributor

AWS CLI and SDKs expect the default JSON format output from the command given as credential_process when you're using profiles. --environment is to change the output to produce shell commands that can be used with eval() to set the credentials as environment variables, which is unnecessary if you're using profiles.

@wcarpenter1-godaddy
Author

Thanks @bhardie-godaddy that makes sense. I have a use-case where I temporarily want the creds in the environment so I can pass them to my docker container like so:

docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_DEFAULT_REGION my-image my-code.sh

Any neat workaround so I can keep using named profiles and not have to run authenticate in the shell?
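
The mismatch discussed in this thread, as an added example that is not part of the issue or of aws-okta-processor: it validates `credential_process`-style JSON (keys as in the AWS CLI documentation linked above) and turns it into the environment variables passed to `docker run -e`, and it shows that shell-style text fails JSON parsing with the error from the first comment. The function names and sample values are constructed for illustration, and the shell-style sample line is an assumed format.

```python
import json
import shlex
from datetime import datetime, timezone

# credential_process JSON keys (AWS CLI docs) -> SDK environment variables.
ENV_NAMES = {
    "AccessKeyId": "AWS_ACCESS_KEY_ID",
    "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
    "SessionToken": "AWS_SESSION_TOKEN",
}

def parse_credential_process(stdout, now=None):
    """Validate credential_process stdout; return the env vars it implies."""
    try:
        doc = json.loads(stdout)
    except json.JSONDecodeError as exc:
        # Shell "export ..." text fails here with the error quoted in the issue.
        raise ValueError(f"not credential_process JSON: {exc}") from exc
    if not isinstance(doc, dict) or doc.get("Version") != 1:
        raise ValueError("expected a JSON object with Version 1")
    for key in ("AccessKeyId", "SecretAccessKey"):
        if not doc.get(key):
            raise ValueError(f"missing required key {key}")
    if doc.get("Expiration"):
        expires = datetime.fromisoformat(doc["Expiration"].replace("Z", "+00:00"))
        if expires.tzinfo is None:  # assumption: treat a naive timestamp as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        if expires <= (now or datetime.now(timezone.utc)):
            raise ValueError("credentials already expired")
    return {env: doc[key] for key, env in ENV_NAMES.items() if doc.get(key)}

def to_exports(env):
    """Render shell-quoted export lines that a POSIX shell can eval."""
    return "\n".join(f"export {k}={shlex.quote(v)}" for k, v in sorted(env.items()))

# Constructed sample values, not real credentials.
SAMPLE_JSON = json.dumps({
    "Version": 1,
    "AccessKeyId": "ASIACONSTRUCTED",
    "SecretAccessKey": "constructed/secret+key",
    "SessionToken": "constructed$token",
    "Expiration": "2099-01-01T00:00:00Z",
})
# Constructed stand-in for shell-style output; the tool's exact format is assumed.
SAMPLE_ENV_OUTPUT = "export AWS_ACCESS_KEY_ID=ASIACONSTRUCTED"

if __name__ == "__main__":
    print(to_exports(parse_credential_process(SAMPLE_JSON)))
```

Fed the stdout of the profile's working `credential_process` command (the one without `--environment`), `to_exports` yields lines a shell can `eval` before the `docker run -e ...` call shown above.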
