{"id":41898485,"url":"https://github.com/glnds/masl","last_synced_at":"2026-01-25T14:38:17.704Z","repository":{"id":54191405,"uuid":"130828236","full_name":"glnds/masl","owner":"glnds","description":"Assume an AWS Role using Onelogin","archived":false,"fork":false,"pushed_at":"2023-02-25T10:43:02.000Z","size":40988,"stargazers_count":22,"open_issues_count":6,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-19T00:29:15.154Z","etag":null,"topics":["aws","aws-iam","onelogin","saml"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/glnds.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-24T09:16:53.000Z","updated_at":"2023-12-04T17:16:44.000Z","dependencies_parsed_at":"2024-06-19T00:10:25.430Z","dependency_job_id":"6d767123-3496-499b-a9a3-3fe705a51ee6","html_url":"https://github.com/glnds/masl","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/glnds/masl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glnds%2Fmasl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glnds%2Fmasl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glnds%2Fmasl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glnds%2Fmasl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/glnds","download_url":"https://codeload.github.com/glnds/masl/tar.gz/refs/heads
/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glnds%2Fmasl/sbom","scorecard":{"id":429937,"data":{"date":"2025-08-11","repo":{"name":"github.com/glnds/masl","commit":"28b5afe3d3fc681c6f00428225630d7fb58eacc3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: 
.github/workflows/cicd.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/glnds/masl/cicd.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/glnds/masl/cicd.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/glnds/masl/cicd.yaml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices 
Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.0.7 not signed: https://api.github.com/repos/glnds/masl/releases/39276585","Warn: release artifact v2.0.6 not signed: https://api.github.com/repos/glnds/masl/releases/39263694","Warn: release artifact v2.0.5 not signed: https://api.github.com/repos/glnds/masl/releases/29443854","Warn: release artifact v2.0.4 not signed: https://api.github.com/repos/glnds/masl/releases/24382220","Warn: release artifact v2.0.3 not signed: https://api.github.com/repos/glnds/masl/releases/24381179","Warn: release artifact v2.0.7 does not have provenance: https://api.github.com/repos/glnds/masl/releases/39276585","Warn: 
release artifact v2.0.6 does not have provenance: https://api.github.com/repos/glnds/masl/releases/39263694","Warn: release artifact v2.0.5 does not have provenance: https://api.github.com/repos/glnds/masl/releases/29443854","Warn: release artifact v2.0.4 does not have provenance: https://api.github.com/repos/glnds/masl/releases/24382220","Warn: release artifact v2.0.3 does not have provenance: https://api.github.com/repos/glnds/masl/releases/24381179"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is 
vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T03:06:01.984Z","repository_id":54191405,"created_at":"2025-08-19T03:06:01.984Z","updated_at":"2025-08-19T03:06:01.984Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28754311,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T13:59:49.818Z","status":"ssl_error","status_checked_at":"2026-01-25T13:59:33.728Z","response_time":113,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-iam","onelogin","saml"],"created_at":"2026-01-25T14:38:17.648Z","updated_at":"2026-01-25T14:38:17.697Z","avatar_url":"https://github.com/glnds.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Release](https://img.shields.io/github/release/glnds/masl.svg?style=flat)](https://github.com/glnds/masl/releases/latest)\n[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat)](/LICENSE)\n[![Go Report 
Card](https://goreportcard.com/badge/github.com/glnds/masl)](https://goreportcard.com/report/github.com/glnds/masl)\n[![CircleCI](https://circleci.com/gh/glnds/masl.svg?style=svg)](https://circleci.com/gh/glnds/masl)\n![build workflow](https://github.com/glnds/masl/actions/workflows/cicd.yaml/badge.svg)\n\n# MASL\n\n![MASL](img/masl.png)\n\n\nPronounced [mɑzəl], from the Dutch word 'mazzel', meaning luck. 'masl' is also an anagram of the word 'SAML'.\nThis tool allows you to use [OneLogin](https://www.onelogin.com/) to assume an AWS role through SAML authentication.\n\n## Getting Started\n\n### Installation\n\nDownload the latest release from https://github.com/glnds/masl/releases. Don't forget to make it executable and link it from somewhere in your $PATH on UNIX-like platforms.\n\n#### OS X\n- Open Masl.dmg\n- Move the file **masl-vx.x.x-darwin-amd64** to /usr/local/bin and rename it to **masl**.\n- Done :)\n\n#### Windows\n- Rename **masl-vx.x.x-windows-amd64** to **masl.exe** and execute to install.\n\n\n### Configuration\n\nAll configuration is done using a `.masl/config.toml` file in your user's home directory.\nAn example TOML config file is included: [masl-example.toml](https://github.com/glnds/masl/blob/master/masl-example.toml).\nCopy `masl-example.toml` and rename it to `.masl/config.toml`. 
Adjust the values to reflect your environment.\n\n\nThe minimal configuration should look like this:\n```\n\nBaseURL = 'https://api.eu.onelogin.com/'\nClientID = 'onelogin client id'\nClientSecret = 'onelogin client secret'\nAppID = 'onelogin app id'\nSubdomain = 'subdomain of the onelogin user'\nUsername = 'onelogin username or email'\n```\n\nOptional settings:\n```\nDuration = 'Assume role maximum session duration' (default 3600)\nLegacyToken = true/false (configures legacy aws_security_token (for Boto support))\nDebug = true/false (Set to true for debug logging, default off)\nProfile = 'Value for environment variable AWS_PROFILE' (default = 'masl')\nDefaulMFADevice = 'name of your default MFA device (for example 'Yubico YubiKey')'\n```\n\nIf you specify a custom duration, ensure that this duration is also allowed on the AWS role itself. \nSee: [Enable Federated API Access to your AWS Resources for up to 12 hours Using IAM Roles](https://aws.amazon.com/blogs/security/enable-federated-api-access-to-your-aws-resources-for-up-to-12-hours-using-iam-roles/)\n\n#### Multi-Account management\nOne of the main drivers to develop another OneLogin CLI authenticator was to ease the management of multiple AWS accounts. Most of the tools currently lack those features, which makes switching AWS accounts bothersome. For this purpose ```.masl/config.toml``` supports the following features:\n\n##### Account naming\nYou can provide account names (aliases) for all accounts you have access to:\n```\n...\n[[Accounts]]\nID = '1234567890'\nName = 'account-x'\n\n[[Accounts]]\nID = '1122334455'\nName = 'account-y'\n\n[[Accounts]]\nID = '0987654321'\nName = 'account-z'\n...\n```\n\n##### Environments containing account subsets\nIf your account list grows too big, it is often handy to limit the list to your current work context. 
This can be achieved by defining environments:\n\n```\n...\n[[Environments]]\nName = 'governance'\nAccounts = ['1234567890', '1122334455']\n...\n```\n\nFurthermore, accounts can be marked as 'Environment Independent'; in that case they will show up in all your environments.\n\n```\n...\n[[Accounts]]\nID = '1234567890'\nName = 'base-account'\nEnvironmentIndependent = true\n...\n```\n\nUsage: ```masl -env [environment_name]```\n\n\n## Usage\n\nJust run ```masl``` on your command line. \n\nOptional command line arguments:\n```\n  -account string\n        AWS Account ID or name\n  -env string\n        Work environment\n  -legacy-token\n        configures legacy aws_security_token (for Boto support)\n  -profile string\n        AWS profile name (default \"masl\")\n  -role string\n        AWS role name\n  -version\n        prints MASL version\n```\n\nEnsure the environment variable ```AWS_PROFILE``` is set to **masl** (or the overridden value specified in ```.masl/config.toml``` or the ```-profile``` command line option).\n\n### Non-interactive usage\nIf you use command line tools to manage your passwords and generate OTP tokens, then you can set environment variables for the password and OTP token. 
\nFor example, if you use [pass](https://www.passwordstore.org/) to manage your passwords and [totp-cli](https://github.com/WhyNotHugo/totp-cli) to generate tokens, then you can write a script like this:\n```\n#!/usr/bin/env bash\nPASSWORD=$(pass \u003cthe-service\u003e) OTP=$(totp \u003cthe-service\u003e) masl\n```\n\n## Development\n\n### Makefile\nThis project includes a ```makefile``` to make your life easy.\n- ```make clean```: clean up your workspace\n- ```make build```: build this project\n- ```make lint```: run `golangci-lint run`\n\n\n## Running the tests\n\nTODO: Explain how to run the automated tests for this system\n\n\n## Built With\n\n* [Snyk](https://snyk.io/) - Continuous vulnerability scanning\n* [Go Modules](https://github.com/golang/go/wiki/Modules)\n\n### Logging\n\nA log file ```masl.log``` is created in your user's home directory. The default log level is 'INFO'. For debug logging, set ```Debug = true``` in ```.masl/config.toml```.\n\n## Contributing\n\n1. Fork it!\n2. Create your feature branch: `git checkout -b my-new-feature`\n3. Commit your changes: `git commit -am 'Add some feature'`\n4. Push to the branch: `git push origin my-new-feature`\n5. Submit a pull request.\n\n## Versioning\n\n[SemVer](http://semver.org/) is used for versioning. For the versions available, see the [tags on this repository](https://github.com/glnds/masl/tags). \n\n\n## FAQ\n### My login is successful but I'm unable to access my AWS account?\nThe AWS CLI uses ```default``` as the default for the variable ```AWS_PROFILE```. MASL uses ```masl``` as the default AWS profile name to store the AWS credentials (as a safety net so that your default settings are not overwritten). 
\n\nTo fix this, do one of the following:\n- set the value of ```AWS_PROFILE``` to ```masl```\n- in your ```.masl/config.toml``` add the line ```Profile = 'default'```\n- start masl with the ```-profile default``` option\n\n### I have multiple MFA devices defined, is it possible to set one of them as default?\nYes: in your ```.masl/config.toml```, set a value for the variable ```DefaulMFADevice```.\n\n## License\nThis project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglnds%2Fmasl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglnds%2Fmasl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglnds%2Fmasl/lists"}