diff --git a/src-tauri/src/credentials/aws.rs b/src-tauri/src/credentials/aws.rs
index e6e7523..c428141 100644
--- a/src-tauri/src/credentials/aws.rs
+++ b/src-tauri/src/credentials/aws.rs
@@ -148,6 +148,43 @@ impl AwsSessionCredential {
 }
 
 
+#[derive(Clone, Debug, FromRow)]
+pub struct AwsSessionRow {
+    version: i64,
+    base_id: Uuid,
+    access_key_id: String,
+    session_token: String,
+    secret_key_enc: Vec<u8>,
+    nonce: Vec<u8>,
+    expiration: i64,
+}
+
+
+impl PersistentCredential for AwsSessionCredential {
+    type Row = AwsSessionRow;
+    fn type_name() -> &'static str { "aws_session" }
+    fn into_credential(self) -> Credential { Credential::AwsSession(self) }
+    fn row_id(row: &AwsSessionRow) -> Uuid { row.base_id }
+
+    fn from_row(row: AwsSessionRow, crypto: &Crypto) -> Rsult<Self, LoadCredentialsError> {
+        let nonce = XNonce::clone_from_slice(&row.nonce);
+        let secret_key_bytes = crypto.decrypt(&nonce, &row.secret_key_enc)?;
+        let secret_access_key = String::from_utf8(secret_key_bytes)
+            .map_err(|_| LoadCredentialsError::InvalidData)?;
+
+        Ok(AwsSessionCredential {
+            version: row.version as usize,
+            access_key_id: row.access_key_id,
+            secret_access_key,
+            session_token: row.session_token,
+            expiration: DateTime::from_secs(row.expiration),
+        })
+    }
+
+    fn save_details(&self, base_id: &Uuid, crypto: &Crypto, txn: &mut Transaction)
+}
+
+
 fn default_credentials_version() -> usize { 1 }