macOS
brew install grantedlocal Homebrew formula metadata
brew
Easiest way to access your cloud. Version 0.39.0 via Homebrew; verified from local package data.
install
brew install grantedlocal Homebrew formula metadata
nix profile install nixpkgs#grantednixpkgs package indexes · pkgs/by-name/gr/granted/package.nix · source: api.github.com
scoop install main/grantedScoop official bucket manifest trees · bucket/granted.json · source: api.github.com
overview
Easiest way to access your cloud
history
Granted is a command-line tool for cloud access, focused on AWS role assumption, AWS SSO workflows, browser-based console access, and safer handling of cached credentials.
The Granted README and docs describe the project as a CLI that simplifies access to cloud roles and lets users open multiple cloud accounts in a browser. Its goals are fast role discovery and assumption, browser isolation for simultaneous accounts, and encrypted cached credentials to avoid plaintext SSO tokens on disk.
Granted is developed under the fwdcloudsec GitHub organization and is documented through the Common Fate/Granted documentation site. The repository structure separates the granted management command and assume role-assumption workflow.
Granted fits teams with many AWS accounts, especially organizations using AWS SSO/IAM Identity Center. Its adoption is driven by reducing friction around profile selection, browser sessions, and short-lived role credentials.
The Homebrew package is useful because the tool lives directly in shell workflows: users run assume, integrate it with AWS config and credentials files, and pair it with browsers and keychains rather than a server process.
Users configure AWS profiles, run assume to select and assume a role, export credentials for terminal commands, or open cloud consoles in separate browser contexts. The docs recommend AWS SSO because it avoids long-lived IAM credentials on a device.
Granted also intersects with package-manager and OS security details because it can use platform credential stores and must behave correctly across macOS, Linux, Windows, shells, and browsers.
Granted is significant as a security-adjacent CLI package: it is small, but it touches AWS config conventions, credential files, shell initialization, browser integration, and OS credential stores. Those edges make packaging quality visible to day-to-day cloud operators.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.granted~/.aws/config%USERPROFILE%/.granted%UserProfile%\.aws\configCredential-bearing paths to review before unattended agent runs.
~/.aws/credentials%UserProfile%\.aws\credentialsexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
assume | cli | global executable | |
assume.fish | cli | global executable | |
assumego | cli | global executable | |
granted | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/fwdcloudsec/granted
install metadata
| Package key | brew:granted |
|---|---|
| Version | 0.39.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/granted |
| Homepage | https://granted.dev/ |
| Repository | https://github.com/fwdcloudsec/granted |
| Upstream docs | https://docs.granted.dev/ |
| License | MIT |
| Source archive | https://github.com/fwdcloudsec/granted/archive/refs/tags/v0.39.0.tar.gz |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | granted |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
granted
nix profile install nixpkgs#grantedmain/granted
scoop install main/grantedsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.