aws-vault authenticates with AWS and stores the obtained credentials in a secure credential store (a "vaulting backend").

With AWS Organisations and SSO

Insert stanzas like the following into ~/.aws/config for each role and account combination:

[profile $name]
sso_start_url = https://$
sso_region = $portalRegion
sso_account_id = $portalAccount
sso_role_name = $role
region = $region
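
One way to generate these stanzas for every account and role combination and to check an existing file for SSO profiles with missing keys, as an added example (not part of the original notes or of aws-vault). The `<alias>-<role>` profile naming, the function names and the sample values are assumptions.

```python
import configparser
import io
import re

# The four sso_* keys from the stanza above.
SSO_KEYS = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")

def build_sso_config(start_url, sso_region, region, accounts, roles):
    """Return ~/.aws/config text with one [profile ...] stanza per account/role pair.

    accounts maps a local alias to an account ID; IDs are kept as strings so
    that leading zeros survive. roles lists the SSO role names.
    """
    if not start_url.startswith("https://"):
        raise ValueError("sso_start_url must be an https:// URL")
    cfg = configparser.ConfigParser(interpolation=None)
    for alias, account_id in sorted(accounts.items()):
        if not re.fullmatch(r"[0-9]{12}", account_id):
            raise ValueError(f"{alias}: account ID must be 12 digits, got {account_id!r}")
        for role in roles:
            # Assumed naming scheme for $name: "<alias>-<role>".
            cfg[f"profile {alias}-{role}"] = {
                "sso_start_url": start_url,
                "sso_region": sso_region,
                "sso_account_id": account_id,
                "sso_role_name": role,
                "region": region,
            }
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()

def incomplete_profiles(config_text):
    """Return the sections that set some sso_* key but not all four."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    return [s for s in cfg.sections()
            if any(k.startswith("sso_") for k in cfg[s])
            and any(k not in cfg[s] for k in SSO_KEYS)]

if __name__ == "__main__":
    # Constructed sample values, not real accounts or a real portal URL.
    print(build_sso_config(
        "https://example.awsapps.com/start", "eu-west-1", "eu-west-1",
        {"dev": "111111111111", "prod": "012345678901"},
        ["ReadOnly", "Admin"],
    ))
```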

macOS Keychain timeout

The Keychain timeout is the amount of time that must pass between Keychain accesses before you need to re-enter your password. It is specified in seconds; the command below sets it to 1800 seconds (30 minutes):

security set-keychain-settings -t 1800 ~/Library/Keychains/aws-vault.keychain-db