Automic VaultAutomic Vault

brew

Install aws-google-auth with Homebrew

Acquire AWS credentials using Google Apps. Version 0.0.38 via Homebrew; verified 2026-05-20.

install

Additional install commands

macOS

Homebrewverified ยท 100%
brew install aws-google-auth

local Homebrew formula metadata

overview

Package summary

Acquire AWS credentials using Google Apps

Commands and aliases

  • aws-google-auth

history

Project history and usage

aws-google-auth is a Python command-line tool for acquiring temporary AWS STS credentials using Google Apps / Google Workspace SAML SSO as the identity provider. It targets organizations that wired Google SAML into AWS before newer AWS-native SSO and IAM Identity Center workflows became common.

Project history

The CEVO Australia repository presents the tool as a way to acquire AWS temporary credentials through Google Apps federation. Its README covers the Google SAML identity-provider setup, the AWS service-provider identifiers needed by the command, installation through pip or Docker, and command-line flags for region, profile, role ARN, U2F, keyring use, and diagnostic output.

Adoption history

The README points to PyPI and Docker Hub distribution paths, and the GitHub page shows a Python project with a public release line through 0.0.38. Homebrew analytics showed 73 installs in 30 days, 290 in 90 days, and 1,204 in 365 days at the time of this batch, indicating a lingering audience among teams with older Google SAML AWS login setups.

How it is used

Users provide Google username, IdP ID, service-provider ID, AWS region, profile, and optionally a role ARN. The tool prompts for password and MFA, assumes an AWS role, and writes or reuses profile data; its README says profile credentials and related IdP/SP details are stored through AWS profiles in the AWS config file.

Why package nerds care

The package is historically interesting because it bridges consumer-style browser SSO and Unix CLI credential files. It also documents borrowing credential injection ideas from aws-adfs and inspiration from keyme, which places it in the family of pre-IAM-Identity-Center AWS federation helpers.

Timeline

  • 2015: AWS publishes official guidance for federated single sign-on to AWS using Google Apps.
  • 0.0.38: GitHub lists release 0.0.38 as the latest release.
  • 2026: Homebrew formula metadata packages aws-google-auth 0.0.38 from PyPI.

Related projects

  • google-aws-federator: a related CEVO tool mentioned by the README for assigning users to AWS account roles.
  • aws-adfs: acknowledged by the README as a source for credential injection behavior.
  • keyme: acknowledged by the README as inspiration for Google SAML authentication flow handling.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for aws-google-auth. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 3 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.aws/config

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.aws/credentials

executables

Installed executables

CommandKindExposureNote
aws-google-authcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.0.38
manager updated2026-05-20
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/cevoaustralia/aws-google-auth

install metadata

Package metadata

Package keybrew:aws-google-auth
Version0.0.38
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/aws-google-auth
Homepagehttps://github.com/cevoaustralia/aws-google-auth
Repositoryhttps://github.com/cevoaustralia/aws-google-auth
Upstream docshttps://github.com/cevoaustralia/aws-google-auth#readme
LicenseMIT
Source archivehttps://files.pythonhosted.org/packages/32/4c/3a1dd1781c9d3bb4a85921b3d3e6e32fc0f0bad61ace6a8e1bd1a59c5ba0/aws-google-auth-0.0.38.tar.gz
Last updated2026-05-20T10:22:16Z
Pulseupdated
Dependenciescertifi, pillow, python@3.14
Uses from macOSlibxml2, libxslt
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameaws-google-auth
Version Scheme0
Revision22
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment