{"id":19432742,"url":"https://github.com/brightspace/bmx","last_synced_at":"2025-04-24T20:31:01.066Z","repository":{"id":40260719,"uuid":"98925756","full_name":"Brightspace/bmx","owner":"Brightspace","description":"Get short term AWS IAM credentials via Okta","archived":false,"fork":false,"pushed_at":"2025-01-31T19:09:46.000Z","size":3228,"stargazers_count":9,"open_issues_count":5,"forks_count":5,"subscribers_count":43,"default_branch":"main","last_synced_at":"2025-04-03T09:51:03.571Z","etag":null,"topics":["aws","iam","okta","vulcan"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Brightspace.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-31T20:12:02.000Z","updated_at":"2025-02-02T06:21:14.000Z","dependencies_parsed_at":"2024-01-15T21:35:06.784Z","dependency_job_id":"eb4819a9-687a-449b-884f-e9b1b2cb43bf","html_url":"https://github.com/Brightspace/bmx","commit_stats":null,"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brightspace%2Fbmx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brightspace%2Fbmx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brightspace%2Fbmx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brightspace%2Fbmx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Brightspace","download_url":"https://codeload.github.com/Brightspace/bmx/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250704529,"owners_count":21473707,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","iam","okta","vulcan"],"created_at":"2024-11-10T14:36:59.278Z","updated_at":"2025-04-24T20:31:00.764Z","avatar_url":"https://github.com/Brightspace.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BMX\n\nBMX provides API access to your AWS accounts using existing Okta credentials. Instead of long-term IAM user access keys, BMX creates short-term AWS STS tokens using your Okta identity.\n\n## Installation\n\nDownload the appropriate binary from the [releases](https://github.com/Brightspace/bmx/releases) page. For D2Lers, visit [bmx.d2l.dev](https://bmx.d2l.dev) for installation.\n\n\n## Usage\n\n### Flags\n\nBMX command line flags (a.k.a. \"options\", i.e. command line arguments that start with `--`) are optional unless otherwise stated.\nIf not provided, BMX will prompt you to input the data interactively as needed.\n\n### Global configuration\n\nTo set up the BMX global configuration file at `~/.bmx/config`, run\n\n```PowerShell\nbmx configure --org \u003cokta_organization\u003e --user \u003cokta_username\u003e\n```\n\nOkta user sessions are automatically cached when this configuration file is present.\nAs such, it is not recommended to run `bmx configure` or create this configuration file manually on a machine with shared access.\n\n### AWS credentials as environment variables\n\nTo set up AWS credentials as environment variables, in PowerShell, run\n\n```PowerShell\nbmx print --account \u003caws_account_name\u003e --role \u003caws_role_name\u003e | iex\n```\n\nor in Bash/sh/Zsh, run\n\n```Bash\neval \"$(bmx print --account \u003caws_account_name\u003e --role \u003caws_role_name\u003e)\"\n```\n\n### Static AWS credentials in a profile\n\nTo set up AWS credentials in a profile, run\n\n```Powershell\nbmx write --account \u003caws_account_name\u003e --role \u003caws_role_name\u003e --profile \u003caws_profile\u003e\n```\n\nYou can use your profile by configuring any supporting AWS client. For example, for the AWS CLI:\n\n```Powershell\naws sts get-caller-identity --profile \u003caws_profile\u003e\n```\n\n### Provide dynamic AWS credentials to a profile\n\nTo set up an AWS profile that sources credentials from BMX on-the-fly, run\n\n```Powershell\nbmx write --use-credential-process --account \u003caws_account_name\u003e --role \u003caws_role_name\u003e --profile \u003caws_profile\u003e\n```\n\n(_Note: the `--use-credential-process` flag must be provided on the command line._)\n\nAWS clients using this profile will call BMX to obtain credentials on-the-fly.\nBMX caches the credentials it provides, and will automatically refresh them as needed, as long as it has a valid Okta session.\n\nThis use case is only supported when you have set up the BMX global configuration file.\n\n### Refresh Okta session\n\nTo force refresh your Okta session, run\n\n```Powershell\nbmx login\n```\n\n### Passwordless authentication\n\nIf your Okta organization is configured for [Desktop Single Sign-on](https://help.okta.com/en-us/content/topics/directory/ad-desktop-sso-main.htm)\nand your computer is connected and signed in to the Active Directory network,\nBMX will authenticate you to Okta without prompting for password input.\n\nThis is currently only supported on Windows. Support for macOS is pending.\n\n### Local configuration\n\nYou can create local configuration files named `.bmx`, where you can define default values for most BMX flags.\nA local configuration file takes effect for BMX commands executed in the current directory or its subdirectories.\nIts values override the values in the global configuration file.\n\nHere's an example of a typical `.bmx` file:\n\n```ini\naccount = \u003caws_account_name\u003e\nrole = \u003caws_role_name\u003e\nduration = 15\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrightspace%2Fbmx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrightspace%2Fbmx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrightspace%2Fbmx/lists"}