explaingit

moritzheiber/crowbar

Analysis updated 2026-07-05 · repo last pushed 2023-06-01

35RustAudience · ops devopsComplexity · 2/5DormantSetup · moderate

TLDR

A command-line tool that logs you into AWS through corporate identity providers like Okta or JumpCloud, fetching temporary credentials on demand and storing them securely in your OS keychain.

Mindmap

mindmap
  root((repo))
    What it does
      Authenticates via identity providers
      Generates temporary AWS credentials
      Stores credentials in OS keystore
    Tech stack
      Rust
      AWS CLI integration
      OS keychain
    Supported providers
      Okta
      JumpCloud
      ADFS and WebAuthn planned
    Use cases
      Run AWS CLI commands
      Manage multiple AWS roles
      Secure credential storage
    Audience
      Developers
      System administrators
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Log into AWS from the terminal using Okta or JumpCloud without manually fetching tokens.

USE CASE 2

Run AWS CLI commands like listing servers or uploading files with credentials managed automatically in the background.

USE CASE 3

Switch between multiple AWS roles by selecting from a prompt when running a command.

What is it built with?

RustAWS CLI

How does it compare?

moritzheiber/crowbarrestsend/pipacesarferreira/tmux.expose
Stars353241
LanguageRustRustRust
Last pushed2023-06-01
MaintenanceDormant
Setup difficultymoderateeasyeasy
Complexity2/54/52/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires configuration of your identity provider details (username, provider URL, AWS app URL) and an installed AWS CLI tool on your system.

No license is mentioned in the explanation, so the default terms of copyright apply, you may not be able to use, modify, or distribute this code without permission from the author.

In plain English

If your company uses AWS for cloud infrastructure, you probably log in through a corporate identity provider like Okta or JumpCloud rather than typing in a raw AWS password. Crowbar is a tool that makes this process smooth from the command line. It handles the back-and-forth of authenticating with your identity provider and generating the temporary credentials you need to run AWS commands, so you don't have to manually fetch and paste tokens every time your access expires. When you set up a profile, you give the tool your username, your identity provider, and the URL for your AWS app. When you run an AWS command, it pings your identity provider, asks for your password, and prompts you for multi-factor authentication (MFA), like a push notification or a code from an authenticator app. Once you're verified, it fetches temporary security credentials and hands them directly to the AWS command-line tool. If you have multiple AWS roles available, it will ask you to pick which one you want to use. The standout feature is how it handles your sensitive data. Many similar tools save your session tokens and credentials in plain text files on your computer's hard drive. This tool avoids that entirely. Instead, it stores your credentials securely in your operating system's built-in secure keystore (like macOS's Keychain). This means a malicious program snooping around your files won't find your AWS credentials lying around. This is built for developers, system administrators, or anyone who needs to interact with AWS resources from their terminal. For example, if you need to list your company's servers or upload files to a storage bucket, you can run a standard AWS command, and this tool will silently manage the authentication in the background. It integrates directly with the AWS command-line tool, so once it's configured, you barely notice it's there. Right now, it supports Okta (with several MFA options like push notifications and text messages) and JumpCloud. The project is actively working toward adding support for ADFS and WebAuthn security keys. It works across macOS, Windows, and Linux, and you can install it through popular package managers like Homebrew or Chocolatey.

Copy-paste prompts

Prompt 1
I use Okta to log into AWS at work. Help me install and configure Crowbar on macOS so I can run AWS CLI commands without manually fetching tokens every time.
Prompt 2
Set up Crowbar to authenticate with JumpCloud for my AWS CLI access on Windows using Chocolatey, including choosing the right AWS role.
Prompt 3
Compare Crowbar to other AWS SSO CLI tools, focusing on how it stores credentials in the OS keychain instead of plain text files.

Frequently asked questions

What is crowbar?

A command-line tool that logs you into AWS through corporate identity providers like Okta or JumpCloud, fetching temporary credentials on demand and storing them securely in your OS keychain.

What language is crowbar written in?

Mainly Rust. The stack also includes Rust, AWS CLI.

Is crowbar actively maintained?

Dormant — no commits in 2+ years (last push 2023-06-01).

What license does crowbar use?

No license is mentioned in the explanation, so the default terms of copyright apply, you may not be able to use, modify, or distribute this code without permission from the author.

How hard is crowbar to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is crowbar for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.