diff --git a/main.go b/main.go
index 433c0ee..2c201a9 100644
--- a/main.go
+++ b/main.go
@@ -26,6 +26,7 @@ var (
 			Token string `flag:"vault-token" env:"VAULT_TOKEN" vardefault:"vault-token" description:"Specify a token to use instead of app-id auth"`
 		}
 		Transform      []string `flag:"transform,t" default:"" description:"Translates keys to different names (oldkey=newkey)"`
+		TransformSet   []string `flag:"transform-set" default:"" description:"Apply predefined transform sets (Available: STS)"`
 		VaultAddress   string   `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
 		VaultKeys      []string `flag:"key,k" default:"" description:"Keys to read and use for environment variables"`
 		VersionAndExit bool     `flag:"version" default:"false" description:"Print program version and exit"`
@@ -109,6 +110,14 @@ func main() {
 	}
 
 	envData := map[string]string{}
+
+	for _, setName := range cfg.TransformSet {
+		if set, ok := transformSets[setName]; ok {
+			cfg.Transform = append(cfg.Transform, set...)
+		} else {
+			log.Warnf("Transform set %q was not found, ignoring", setName)
+		}
+	}
 	transformMap := env.ListToMap(cfg.Transform)
 
 	for _, vaultKey := range cfg.VaultKeys {
@@ -143,7 +152,7 @@ func main() {
 
 	if cfg.Export {
 		for k, v := range envData {
-			fmt.Printf("export %s=\"%s\"\n", k, v)
+			fmt.Printf("export %s=%q\n", k, v)
 		}
 		return
 	}
diff --git a/transform_sets.go b/transform_sets.go
new file mode 100644
index 0000000..f9b70ff
--- /dev/null
+++ b/transform_sets.go
@@ -0,0 +1,9 @@
+package main
+
+var transformSets = map[string][]string{
+	"STS": []string{
+		"access_key=AWS_ACCESS_KEY_ID",
+		"secret_key=AWS_SECRET_ACCESS_KEY",
+		"security_token=AWS_SECURITY_TOKEN",
+	},
+}