{"id":49629953,"url":"https://github.com/jeircul/pim","last_synced_at":"2026-05-05T10:02:15.064Z","repository":{"id":321614173,"uuid":"1086525367","full_name":"jeircul/pim","owner":"jeircul","description":"Friendly Azure PIM CLI for quick, scoped role activations with guided or scripted workflows.","archived":false,"fork":false,"pushed_at":"2026-04-24T12:36:05.000Z","size":240,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-24T13:13:30.027Z","etag":null,"topics":["azure","azure-active-directory","cli","go","golang","pim","privileged-identity-management"],"latest_commit_sha":null,"homepage":"https://github.com/jeircul/pim#readme","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jeircul.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-10-30T14:36:53.000Z","updated_at":"2026-04-24T12:34:35.000Z","dependencies_parsed_at":"2026-01-15T23:00:54.629Z","dependency_job_id":null,"html_url":"https://github.com/jeircul/pim","commit_stats":null,"previous_names":["jeircul/pim"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/jeircul/pim","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeircul%2Fpim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeircul%2Fpim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeircul%2Fpim/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeircul%2Fpim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jeircul","download_url":"https://codeload.github.com/jeircul/pim/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeircul%2Fpim/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32644188,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-04T10:08:07.713Z","status":"online","status_checked_at":"2026-05-05T02:00:06.033Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","azure-active-directory","cli","go","golang","pim","privileged-identity-management"],"created_at":"2026-05-05T10:02:10.156Z","updated_at":"2026-05-05T10:02:15.018Z","avatar_url":"https://github.com/jeircul.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ⚡ pim — Azure PIM role elevation manager\n\nTerminal UI for activating, deactivating, and inspecting Azure Privileged Identity Management (PIM) role assignments. Mirrors the Azure portal activation flow entirely in your terminal.\n\n## ✨ Highlights\n\n- 🖥️ Full-screen TUI — dashboard, activation wizard, status, deactivation, favorites management\n- 🎯 Flags pre-fill wizard steps and auto-advance; `--headless` bypasses the TUI for scripting\n- 🎨 Adaptive theme — works on light and dark terminals\n- ⭐ Favorites with 1–9 number-key shortcuts for instant re-activation\n- 💾 TOML state persistence — remembers recent justifications and favorites across sessions\n- 🐚 Shell completions for bash, zsh, and fish\n\n## 📦 Install\n\nmacOS / Linux:\n\n```sh\ncurl -sSfL https://raw.githubusercontent.com/jeircul/pim/main/scripts/install.sh | bash\n```\n\nWindows (PowerShell):\n\n```powershell\nirm https://raw.githubusercontent.com/jeircul/pim/main/scripts/install.ps1 | iex\n```\n\n`~/.local/bin` (Unix) or `%LOCALAPPDATA%\\Programs\\pim` (Windows) must be on `PATH`.\n\n## 🚀 Quick start\n\n```sh\npim                          # TUI dashboard — shows active elevations and favorites\npim activate                 # launch activation wizard from step 1\npim deactivate               # select and deactivate active elevations\npim status                   # view active and eligible roles\npim version                  # print version\n```\n\n### 🏎️ Flag acceleration\n\nFlags pre-fill wizard fields and skip steps when enough information is provided:\n\n```sh\n# Pre-filter the role list\npim activate --role Reader\n\n# Jump straight to options step — scope matched by display name substring\npim activate --role Reader --scope my-subscription\n\n# Auto-submit with no TUI interaction\npim activate \\\n  --role Reader \\\n  --scope my-subscription \\\n  --time 1h \\\n  --justification \"Investigating alert\" \\\n  --yes\n```\n\n### 🤖 Headless mode (scripting / CI)\n\n```sh\n# Activate — only --role is required; --time defaults to 1h\n# --scope matches ARM path first, then display-name substring\npim activate --headless \\\n  --role Reader \\\n  --scope my-subscription \\\n  --time 1h \\\n  --justification \"Deploy pipeline\"\n\n# Deactivate by role name; --role/--scope or --yes required\n# Permanent and inherited assignments are skipped automatically\npim deactivate --headless --role Reader\n\n# Deactivate all eligible (use with care)\npim deactivate --headless --yes\n\n# Status as JSON\npim status --headless --output json\n```\n\nExit code `0` on success, `1` on error, `130` on user cancel (Ctrl-C).\n\n### 🔍 Matching policy for `--role` and `--scope`\n\nApplies to both flag acceleration (TUI) and headless mode.\n\nBoth flags resolve in two passes:\n\n1. **Exact match** wins. `--scope my-rg` matches `my-rg` even if `my-rg-dev` also exists.\n2. **Substring fallback** if no exact match. `--scope prod` matches `my-prod-subscription` when it's the only match.\n3. **Ambiguity errors out.** If multiple values match by substring with no exact match, the command exits non-zero and lists the candidates instead of silently picking one.\n\nARM scope paths (`/subscriptions/...`) take precedence over display-name matching.\n\n## 🐚 Shell completions\n\n```sh\n# bash — add to ~/.bashrc\nsource \u003c(pim completion bash)\n\n# zsh — add to ~/.zshrc\nsource \u003c(pim completion zsh)\n\n# fish\npim completion fish \u003e ~/.config/fish/completions/pim.fish\n```\n\n## ⏱️ Duration format\n\nThe parser accepts any integer or decimal hours (`1h`, `1.5h` = 90 min), minutes (`30m`, `45m`), and mixed units (`1h30m`).\n\n## 🔐 Authentication\n\nUses the existing `az login` / `Connect-AzAccount` session automatically.  \nSet `PIM_ALLOW_DEVICE_LOGIN=true` (or `1` / `yes`) to allow interactive device code fallback when no cached credential is found.\n\n## ⚙️ Configuration\n\nState is stored in `~/.config/pim/`:\n\n| File | Purpose |\n|---|---|\n| `config.toml` | Hand-editable preferences and favorites |\n| `state.toml` | Auto-managed: recent justifications |\n\nExample `config.toml`:\n\n```toml\n[preferences]\ndefault_duration = \"2h\"   # default when no --time flag or favorite duration is set\n\n[[favorites]]\nlabel         = \"Prod reader\"\nrole          = \"Reader\"\nscope         = \"my-prod-subscription\"\nduration      = \"1h\"      # overrides default_duration for this favorite\njustification = \"Daily read access\"\nkey           = 1\n\n[[favorites]]\nlabel = \"Dev owner\"\nrole  = \"Owner\"\nscope = \"my-dev-subscription\"\n# duration and justification omitted — opens wizard at the missing step\nkey   = 2\n```\n\n`scope` accepts a full ARM path (`/subscriptions/…`) or a display-name substring — the TUI resolves either.\n\n`label` is required. When `role`, `scope`, `duration`, and `justification` are all set, pressing the shortcut key activates immediately with no prompts and returns to the dashboard with a result notice. If any field is missing the shortcut shows an error notice — open the favorite in the favorites editor (`f`) and activate from there; the wizard will stop at the first missing field.\n\n## 🛠️ Development\n\n### Prerequisites\n\n- [Go](https://go.dev/dl/) 1.26+\n- [Task](https://taskfile.dev/) (task runner)\n- [GoReleaser](https://goreleaser.com/) (releases only)\n\nThe quickest way to install all tools at once (Linux, macOS, WSL):\n\n```sh\n# Install mise (https://mise.jdx.dev/)\ncurl https://mise.run | sh\n\n# Install all declared tools from .mise.toml\nmise install\n```\n\nOr install each tool manually via their respective docs.\n\n### Common tasks\n\n```sh\ntask build    # build binary for current platform\ntask test     # go test -race ./...\ntask fmt      # go fmt ./...\ntask install  # build + install to ~/.local/bin\ntask clean    # remove build artefacts\n```\n\n## 📤 Release\n\n```sh\ngit tag vX.Y.Z\ngit push origin vX.Y.Z\n```\n\nGoReleaser builds cross-platform archives (linux, darwin, windows — amd64 + arm64) and attaches them to the GitHub release automatically.\n\n## ⚠️ Disclaimer\n\nUse at your own risk. The author is not responsible for any impact caused by its usage.  \nAI tooling (GitHub Copilot) assisted with portions of the implementation, reviews, and documentation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeircul%2Fpim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjeircul%2Fpim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeircul%2Fpim/lists"}