# Install granted with Homebrew, Nix, scoop

Easiest way to access your cloud. Version 0.39.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:granted
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install granted
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#granted
```

  Evidence: nixpkgs package indexes: pkgs/by-name/gr/granted/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

### Windows

- Scoop (92%):

```sh
scoop install main/granted
```

  Evidence: Scoop official bucket manifest trees: bucket/granted.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:granted
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/granted>
- **Version:** 0.39.0
- **Source summary:** Easiest way to access your cloud
- **Homepage:** <https://granted.dev/>
- **Repository:** <https://github.com/fwdcloudsec/granted>
- **Upstream docs:** <https://docs.granted.dev/>
- **License:** MIT
- **Source archive:** <https://github.com/fwdcloudsec/granted/archive/refs/tags/v0.39.0.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- assume (cli)
- assume.fish (cli)
- assumego (cli)
- granted (cli)
- assume (alias)
- assume.fish (alias)
- assumego (alias)
- granted (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.39.0
- Local data: ok
- Upstream repository: https://github.com/fwdcloudsec/granted
- Upstream latest detected: v0.39.0 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Granted is a command-line tool for cloud access, focused on AWS role assumption, AWS SSO workflows, browser-based console access, and safer handling of cached credentials.

### Project history

The Granted README and docs describe the project as a CLI that simplifies access to cloud roles and lets users open multiple cloud accounts in a browser. Its goals are fast role discovery and assumption, browser isolation for simultaneous accounts, and encrypted cached credentials to avoid plaintext SSO tokens on disk.

Granted is developed under the fwdcloudsec GitHub organization and is documented through the Common Fate/Granted documentation site. The repository structure separates the granted management command and assume role-assumption workflow.

### Adoption history

Granted fits teams with many AWS accounts, especially organizations using AWS SSO/IAM Identity Center. Its adoption is driven by reducing friction around profile selection, browser sessions, and short-lived role credentials.

The Homebrew package is useful because the tool lives directly in shell workflows: users run assume, integrate it with AWS config and credentials files, and pair it with browsers and keychains rather than a server process.

### How it is used

Users configure AWS profiles, run assume to select and assume a role, export credentials for terminal commands, or open cloud consoles in separate browser contexts. The docs recommend AWS SSO because it avoids long-lived IAM credentials on a device.

Granted also intersects with package-manager and OS security details because it can use platform credential stores and must behave correctly across macOS, Linux, Windows, shells, and browsers.

### Why package nerds care

Granted is significant as a security-adjacent CLI package: it is small, but it touches AWS config conventions, credential files, shell initialization, browser integration, and OS credential stores. Those edges make packaging quality visible to day-to-day cloud operators.

### Timeline

- 2024: Discussions and issues show active use around AWS SSO profile and keychain workflows.
- 2026: The GitHub repository listed hundreds of commits and over a thousand stars, indicating a mature niche CLI package.

### Related projects

- AWS CLI and AWS IAM Identity Center are the primary external systems.
- Browser container/profile features, OS keychains, and shell integrations are part of the user workflow.
- Common Fate documentation and fwdcloudsec source control are the official project surfaces.

### Sources

- <https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html>
- <https://docs.commonfate.io/granted/introduction>
- <https://docs.granted.dev/security>
- <https://github.com/fwdcloudsec/granted>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.granted, ~/.aws/config
- Windows: %USERPROFILE%/.granted, %UserProfile%\.aws\config

## Credential files

- Unix: ~/.aws/credentials
- Windows: %UserProfile%\.aws\credentials
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** granted
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - granted: normalized package name match | nixpkgs package indexes: pkgs/by-name/gr/granted/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Scoop - main/granted: normalized package name match | Scoop official bucket manifest trees: bucket/granted.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [signmykey](https://www.automicvault.com/pkg/brew/signmykey/) - Shares av.db curated category or tags: cli, identity, identity-access, security.
- [pocket-id](https://www.automicvault.com/pkg/brew/pocket-id/) - Shares av.db curated category or tags: cli, identity-access, security.
- [cfripper](https://www.automicvault.com/pkg/brew/cfripper/) - Shares av.db curated category or tags: aws, cli, security.
- [git-credential-libsecret](https://www.automicvault.com/pkg/brew/git-credential-libsecret/) - Shares av.db curated category or tags: cli, credentials, security.
- [git-credential-oauth](https://www.automicvault.com/pkg/brew/git-credential-oauth/) - Shares av.db curated category or tags: cli, credentials, security.
- [okta-aws-cli](https://www.automicvault.com/pkg/brew/okta-aws-cli/) - Shares av.db curated category or tags: aws, cli, identity, security.
- [opensaml](https://www.automicvault.com/pkg/brew/opensaml/) - Shares av.db curated category or tags: cli, identity, security.
- [opkssh](https://www.automicvault.com/pkg/brew/opkssh/) - Shares av.db curated category or tags: cli, identity-access, security.
- [rolesanywhere-credential-helper](https://www.automicvault.com/pkg/brew/rolesanywhere-credential-helper/) - Security-sensitive metadata or terminology overlaps. Shared terms: access, aws, cli, credentials, identity.

## Combined YAML source

View the package source record on GitHub. [combined/granted.yml](https://github.com/automic-vault/db/blob/main/combined/granted.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
