aws-vault authenticates with AWS and stores the obtained credentials in a secure credential store (a "vaulting backend").
With AWS Organisations and SSO
Insert stanzas like the following into
~/.aws/config for each role and account combination:
[profile $name] sso_start_url = https://$org.awsapps.com/start sso_region = $portalRegion sso_account_id = $portalAccount sso_role_name = $role region = $region
macOS Keychain timeout
The Keychain timeout determines the amount of time that must pass between Keychain accesses before you need to re-enter your password. It's specified in seconds:
security set-keychain-settings -t 1800 ~/Library/Keychains/aws-vault.keychain-db