Displaying 1 to 19 from 19 results

teleport - Privileged access management for elastic infrastructure.

  •    Go

Teleport is built on top of the high-quality Golang SSH implementation and it is fully compatible with OpenSSH and can be used with sshd servers and ssh clients. Download the latest binary release, unpack the .tar.gz and run sudo ./install. This will copy Teleport binaries into /usr/local/bin.

aws-mfa - Manage AWS MFA Security Credentials

  •    Python

aws-mfa makes it easy to manage your AWS SDK Security Credentials when Multi-Factor Authentication (MFA) is enforced on your AWS account. It automates the process of obtaining temporary credentials from the AWS Security Token Service and updating your AWS Credentials file (located at ~/.aws/credentials). Traditional methods of managing MFA-based credentials requires users to write their own bespoke scripts/wrappers to fetch temporary credentials from STS and often times manually update their AWS credentials file. short-term - A temporary set of credentials that are generated by AWS STS using your long-term credentials in combination with your MFA device serial number (either a hardware device serial number or virtual device ARN) and one time token code. Your short term credentials are the credentials that are actively utilized by the AWS SDK in use.

cli - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

  •    Go

step is a zero trust swiss army knife. It’s an easy-to-use and hard-to-misuse utility for building, operating, and automating systems that use zero trust technologies like authenticated encryption (X.509, TLS), single sign-on (OAuth OIDC, SAML), multi-factor authentication (OATH OTP, FIDO U2F), encryption mechanisms (JSON Web Encryption, NaCl), and verifiable claims (JWT, SAML assertions). For more information and docs see the step website and the blog post announcing step.

swamp - Teh AWS profile manager

  •    Go

You can use swamp to switch AWS profiles with ease. swamp assumes you have an AWS account with CLI access credentials and you want to assume role into a set of AWS accounts from there. swamp optionally supports MFA authentication before assuming the target role.




one-time - One Time Password (TOTP and HOTP) library for Clojure

  •    Clojure

A Clojure library for generating one time passwords (HOTP & TOTP) as per RFC 4226 and RFC 6238. One time passwords are used by a lot of websites for multi factor / two factor authentication. You can find a list of such websites here. One-Time is a feature complete and fairly stable library, given the small surface area of it's intent. Bugfixes and dependency updates will be made as required.

shibboleth-mfa-u2f-auth - U2F multifactor authentication plugin for Shibboleth IdPv3

  •    Groovy

This project is work in progress. U2F authentication flow for Shibboleth Identity Provider v3.3.x. The U2F flow is designed to be used together with another login flow, usually by utilizing the MFA login flow.

mfa-monitor - Backendless security monitoring for your MFA enabled services. 🔐

  •    Javascript

Monitor your online applications without worrying about the hosting platform, bills, and servers. Run simple crontab task to oversee the actual state of the MFA (Multi-Factor Authentication) among different services like AWS (Amazon Web Services), Github, Google, Slack and more. The installation consists of two simple steps. The first one is the NPM dependency installation process and the second one is the MFA monitor configuration.

SimpleTOTP - A highly configurable yet simple to use TOTP based two-factor authentication processing module for SimpleSAMLphp

  •    PHP

SimpleTOTP is a SimpleSAMLphp auth processing filter that enables the use of the Time-Based One-Time Password Algorithm (TOTP) as a second-factor authentication mechanism on either an Identity Provider or Service Provider (...or both!). This has been tested with Google Authenticator on iOS and Android.


awsu - Enhanced account switching for AWS, supports Yubikey as MFA source

  •    Go

awsu provides a convenient integration of AWS virtual MFA devices into commandline based workflows. It does use Yubikeys to provide the underlying TOTP one-time passwords but does not rely on additional external infrastructure such as e.g. federation. Linux is only available for download from the relase tab. No Windows builds are provided at the moment.

mfaws - :lock: AWS multi-factor authentication for the CLI

  •    Go

Download the appropriate binary from the releases page, chmod +x, and drop it into your PATH. Note: Make sure your hardware clock is correct! Especially if dual booting. If your time is out of sync, your MFA attempts will fail and the codes oathtool generates will be wrong (if you use it).

sts - Simplify working with AWS STS credentials and MFA

  •    Go

Download the latest release for your OS and architecture from: https://github.com/jonhadfield/sts/releases. Note: In order to get temporary credentials, you must first provide your permanent credentials as detailed here.

aws-keyring - Easier & more secure management of your AWS keys & MFA tokens

  •    Python

aws-keyring is a simple utility to make handling your AWS credentials a little more secure and easy. Instead of hard-coding your credentials into dotfiles, aws-keyring will instead store them in your system keychain / keyring. aws-keyring also makes dealing with AWS MFA much easier when using the AWS CLI or other AWS API tools.

twothy - Two factor authenticator for CLI

  •    Go

Installation assumes that you have Go environment configured. Once inside project' folder, simply run make test to run the tests.

django-mfa - Django-mfa (Multi Factor Authentication) is a simple package to add extra layer of security to your django web application

  •    Python

Django-mfa(Multi-factor Authentication) is a simple django package to add extra layer of security to your web application. Django-mfa is providing easiest integration to enable Multi factor authentication to your django applications. Inspired by the user experience of Google's Authentication, django-mfa allows users to authenticate through text message(SMS) or by using token generator app like google authenticator. We welcome your feedback on this package. If you run into problems, please raise an issue or contribute to the project by forking the repository and sending some pull requests.

terraform-aws-iam-assumed-roles - Terraform Module for Assumed Roles on AWS with IAM Groups Requiring MFA

  •    HCL

Terraform module to provision two IAM roles and two IAM groups for assuming the roles provided MFA is present, and add IAM users to the groups. To give a user administrator's access, add the user to the admin group.

bastion - 🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support

  •    Shell

This is a secure/locked-down bastion implemented as a Docker Container. It uses Alpine Linux as the base image and ships with support for Google Authenticator & DUO MFA support. It was designed to be used on Kubernetes together with GitHub Authorized Keys to provide secure remote access to production clusters.

awsp - AWS credential profile changer

  •    Shell

You might need to allow users from another AWS account to access resources in your AWS account. If so, don't share security credentials, such as access keys, between accounts. Instead, use IAM roles. You can define a role that specifies what permissions the IAM users in the other account are allowed, and from which AWS accounts the IAM users are allowed to assume the role. To make process of switching profiles (environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY among others) it is handy to use the code provided on this repo.

pnzr - pnzr is docker deploy tool for ecs.

  •    Go

Can be installed in either way. Please read the wiki.

aws-runas - aws-runas rewritten in Go

  •    Go

A friendly way to do AWS STS AssumeRole operations so you can perform AWS API actions using a particular set of permissions. Includes integration with roles requiring MFA authentication! Works off of profile names configured in the AWS SDK configuration file. The tool will cache the credentials retrieved from AWS in order to minimize API calls to AWS, as well as minimize the entry of MFA codes (for roles requiring MFA).