Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
157 lines (109 sloc) 4.52 KB


credulous is a command line tool that manages AWS (IAM) Credentials securely. The aim is to encrypt the credentials using a user's public SSH Key so that only the user who has the corresponding private SSH key is able to see and use them. Furthermore the tool will also enable the user to easily rotate their current credentials without breaking the user's current workflow.

Main Features

  • Your IAM Credentials are securely encrypted on disk.
  • Easy switching of Credentials between Accounts/Users.
  • Painless Credential rotation.
  • Enables rotation of Credentials by external application/service.
  • No external runtime dependencies beyond minimal platform-specific shared libraries


For Linux (.RPM or .DEB packages)

Download your Linux package


If you are using Homebrew you can follow these steps to install Credulous

  1. localhost$ brew install bash-completion
  2. Add the following lines to your ~/.bash_profile:
if [ -f $(brew --prefix)/etc/bash_completion ]; then
    . $(brew --prefix)/etc/bash_completion
  1. localhost$ brew install
  2. Add the following lines to your ~/.bash_profile:
if [ -f $(brew --prefix)/etc/profile.d/ ]; then
    . $(brew --prefix)/etc/profile.d/

Command completion

Command completion makes credulous much more convenient to use.

OSX: brew install bash-completion

Centos: Enable EPEL repo and install bash-completion

Debian/Ubuntu: bash-completion is installed and enabled by default. Enjoy!


Credentials need to have the right to inspect the account alias, list access keys and examine the username of the user for whom they exist. An IAM policy snippet like this will grant sufficient permissions:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "PermitViewAliases",
            "Effect": "Allow",
            "Action": [ "iam:ListAccountAliases" ],
            "Resource": "*"
            "Sid": "PermitViewOwnDetails",
            "Effect": "Allow",
            "Action": [
            "Resource": "arn:aws:iam::*:user/${aws:username}"

You can have a look at the manual page, if that's your thing.

Storing your current credentials in Credulous

$ credulous save # Will ask credulous to store these credentials
# saving credentials for user@account

Displaying a set of credentials from Credulous

$ credulous source -a account -u user


Build Status

Required tools:

Make sure you have GOPATH set in your environment

Download the dependencies

$ go get -u # -u will update existing dependencies

Install git2go (Optional if you already have it installed correctly in your environment)

$ go get
$ cd $GOPATH/src/ && rm -rf vendor/libgit2
$ git submodule update --init
$ mkdir -p $GOPATH/src/
$ make install
# Run dependency update again for credulous
$ cd $GOPATH/src/ && go get -u

Install the binary in your $GOBIN

$ go install


First we make sure we have our dependencies

go get -t

Make sure goconvey is installed, else use

go get -t

Just go into this directory and either

< Go to localhost:8080 in your browser >

Or just run

go test ./...


See here

Credulous Security

You can’t perform that action at this time.