[FEATURE] Support apiKeyHelper management (or equivalent) for AWS_BEARER_TOKEN_BEDROCK Bedrock API Keys
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
In https://github.com/anthropics/claude-code/issues/3283 a request for support for Amazon Bedrock API keys in Claude Code was requested, and subsequently implemented.
Amazon Bedrock API Keys can be short-term or long-term, with short-term preferred. I'm successfully able to use the short-term keys generated when hardcoding them as an env-var; but since they expire, it would be nice to auto-refresh them the same way that apiKeyHelper works for non-bedrock API keys.
Proposed Solution
I've used the bedrock token generator API to build a script that uses the local aws credentials to generate the short-term API key.
If we could specify something like bedrockApiKeyHelper pointing to a script to generate the new API token, and have it called periodically (based on some configurable interval like for apiKeyHelper), and have that set / update the env var state, that would probably give equivalent functionality as for anthropic api key helpers but for bedrock API keys.
(I assume the team will figure out the ideal way to configure / expose this, but the functionality seems somewhat straightforward).
Alternative Solutions
The awsAuthRefresh / awsCredentialExport method is a similar concept but emits / stores AWS credentials that Claude Code uses to generate AWS SigV4 signatures included in the requests. When used with an LLM proxy, these signatures appear not to work due to signature mismatch expectations, and we're unable to use this route easily. The bedrock API keys are generated securely from the same local credentials and I think are an alternative.
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗