docs

README.md

@@ -162,6 +162,14 @@ For Linux / Ubuntu add the following to your bash config / zshrc etc:
 export AWS_OKTA_BACKEND=secret-service
 ```
 
+## --session-cache-single-item aka AWS_OKTA_SESSION_CACHE_SINGLE_ITEM (alpha)
+
+This flag enables a new secure session cache that stores all sessions in the same keyring item. For macOS users, this means drastically fewer authorization prompts when upgrading or running local builds.
+
+No provision is made to migrate sessions between session caches.
+
+Implemented in [https://github.com/segmentio/aws-okta/issues/146](#146).
+
 ## Local Development
 
 If you're developing in Linux, you'll need to get `libusb`. For Ubuntu, install the libusb-1.0-0-dev or use the `Dockerfile` provided in the repo.

internal/sessioncache/key_orig.go

@@ -14,7 +14,7 @@ type OrigKey struct {
 	Duration    time.Duration
 }
 
-// key returns a key for the keyring item. This is a string containing the source profile name,
+// Key returns a key for the keyring item. This is a string containing the source profile name,
 // the profile name, and a hash of the duration
 //
 // this is a copy of KeyringSessions.key and should preserve behavior, *except* that it assumes `profileName`

internal/sessioncache/store_kritempersession.go

@@ -9,6 +9,11 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
+// KrItemPerSessionStore stores one session in one keyring item
+//
+// This is the classic session store implementation. Its main drawback is that on macOS,
+// without code signing, you need to reauthorize the binary between upgrades *for each
+// item*.
 type KrItemPerSessionStore struct {
 	Keyring keyring.Keyring
 }