Automic VaultAutomic Vault

brew

Install granted with Homebrew, Nix, scoop

Easiest way to access your cloud. Version 0.39.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install granted

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#granted

nixpkgs package indexes · pkgs/by-name/gr/granted/package.nix · source: api.github.com

Windows

Scoopverified · 92%
scoop install main/granted

Scoop official bucket manifest trees · bucket/granted.json · source: api.github.com

overview

Package summary

Easiest way to access your cloud

Commands and aliases

  • assume
  • assume.fish
  • assumego
  • granted

history

Project history and usage

Granted is a command-line tool for cloud access, focused on AWS role assumption, AWS SSO workflows, browser-based console access, and safer handling of cached credentials.

Project history

The Granted README and docs describe the project as a CLI that simplifies access to cloud roles and lets users open multiple cloud accounts in a browser. Its goals are fast role discovery and assumption, browser isolation for simultaneous accounts, and encrypted cached credentials to avoid plaintext SSO tokens on disk.

Granted is developed under the fwdcloudsec GitHub organization and is documented through the Common Fate/Granted documentation site. The repository structure separates the granted management command and assume role-assumption workflow.

Adoption history

Granted fits teams with many AWS accounts, especially organizations using AWS SSO/IAM Identity Center. Its adoption is driven by reducing friction around profile selection, browser sessions, and short-lived role credentials.

The Homebrew package is useful because the tool lives directly in shell workflows: users run assume, integrate it with AWS config and credentials files, and pair it with browsers and keychains rather than a server process.

How it is used

Users configure AWS profiles, run assume to select and assume a role, export credentials for terminal commands, or open cloud consoles in separate browser contexts. The docs recommend AWS SSO because it avoids long-lived IAM credentials on a device.

Granted also intersects with package-manager and OS security details because it can use platform credential stores and must behave correctly across macOS, Linux, Windows, shells, and browsers.

Why package nerds care

Granted is significant as a security-adjacent CLI package: it is small, but it touches AWS config conventions, credential files, shell initialization, browser integration, and OS credential stores. Those edges make packaging quality visible to day-to-day cloud operators.

Timeline

  • 2024: Discussions and issues show active use around AWS SSO profile and keychain workflows.
  • 2026: The GitHub repository listed hundreds of commits and over a thousand stars, indicating a mature niche CLI package.

Related projects

  • AWS CLI and AWS IAM Identity Center are the primary external systems.
  • Browser container/profile features, OS keychains, and shell integrations are part of the user workflow.
  • Common Fate documentation and fwdcloudsec source control are the official project surfaces.

security posture

Risk level: orange

infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • infrastructure mutation or orchestration signal

Signals

  • text:cloud

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.granted~/.aws/config
Windows
%USERPROFILE%/.granted%UserProfile%\.aws\config

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.aws/credentials
Windows
%UserProfile%\.aws\credentials

executables

Installed executables

CommandKindExposureNote
assumecliglobal executable
assume.fishcliglobal executable
assumegocliglobal executable
grantedcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.39.0
manager updated
local dataok
upstreamcurrent
latest detectedv0.39.0

https://github.com/fwdcloudsec/granted

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:granted
Version0.39.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/granted
Homepagehttps://granted.dev/
Repositoryhttps://github.com/fwdcloudsec/granted
Upstream docshttps://docs.granted.dev/
LicenseMIT
Source archivehttps://github.com/fwdcloudsec/granted/archive/refs/tags/v0.39.0.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegranted
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

granted

nix profile install nixpkgs#granted
  • normalized package name match
  • Matched by: Granted
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/gr/granted/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Scoop95%

main/granted

scoop install main/granted
  • normalized package name match
  • Matched by: Granted
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/granted.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment