Cross-platform Python CLI for ephemeral MFA-based Git repository authentication using AWS STS. No long-lived credentials.
- Language: Python
- AWS: STS (AssumeRole with MFA), IAM
- Libraries: Boto3, qrcode
- Platforms: macOS, Windows, Linux
- Developer runs the CLI and enters an MFA code from their authenticator app
- CLI calls AWS STS AssumeRole with the MFA code to obtain temporary credentials
- Git credential helper is configured with short-lived access keys
- First-time users get a QR code to scan with their authenticator app
- All Git operations work transparently — credentials are injected automatically
- Credentials expire after the configured duration; developer re-authenticates
- Ephemeral credentials via AWS STS with MFA
- Cross-platform (macOS, Windows, Linux)
- Automatic Git credential helper configuration
- QR code generation for authenticator app setup
- Self-service for 60+ developers
- No long-lived credentials stored anywhere
- PRD
- Blog post: MFA for Git Repositories