{"id":36484811,"url":"https://github.com/otm/limes","last_synced_at":"2026-01-27T05:18:26.359Z","repository":{"id":43278582,"uuid":"51735614","full_name":"otm/limes","owner":"otm","description":"Limes provides an easy work flow with MFA protected access keys, temporary credentials and access to multiple roles/accounts.","archived":false,"fork":false,"pushed_at":"2022-02-25T17:55:57.000Z","size":583,"stargazers_count":69,"open_issues_count":4,"forks_count":13,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-01-12T03:35:43.311Z","etag":null,"topics":["aws","aws-cli","aws-sdk"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/otm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-02-15T06:33:56.000Z","updated_at":"2024-05-02T14:25:26.000Z","dependencies_parsed_at":"2022-09-23T12:01:45.556Z","dependency_job_id":null,"html_url":"https://github.com/otm/limes","commit_stats":null,"previous_names":["otm/ims"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/otm/limes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otm%2Flimes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otm%2Flimes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otm%2Flimes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otm%2Flimes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/otm","download_url":"https://codeload.github.com/otm/limes/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otm%2Flimes/sbom","scorecard":{"id":714396,"data":{"date":"2025-08-11","repo":{"name":"github.com/otm/limes","commit":"56ca9bd1109fe35a1ce9b6bdb3b9b32080c4abb3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: goCommand not pinned by hash: Dockerfile:11","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.0.2 not signed: https://api.github.com/repos/otm/limes/releases/4382925","Warn: release artifact v1.0.1 not signed: https://api.github.com/repos/otm/limes/releases/3088900","Warn: release artifact v1.0.0 not signed: https://api.github.com/repos/otm/limes/releases/3053925","Warn: release artifact v1.0.0-beta3 not signed: https://api.github.com/repos/otm/limes/releases/2846416","Warn: release artifact v1.0.0-beta2 not signed: https://api.github.com/repos/otm/limes/releases/2826594","Warn: release artifact v1.0.2 does not have provenance: https://api.github.com/repos/otm/limes/releases/4382925","Warn: release artifact v1.0.1 does not have provenance: https://api.github.com/repos/otm/limes/releases/3088900","Warn: release artifact v1.0.0 does not have provenance: https://api.github.com/repos/otm/limes/releases/3053925","Warn: release artifact v1.0.0-beta3 does not have provenance: https://api.github.com/repos/otm/limes/releases/2846416","Warn: release artifact v1.0.0-beta2 does not have provenance: https://api.github.com/repos/otm/limes/releases/2826594"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T09:08:02.386Z","repository_id":43278582,"created_at":"2025-08-22T09:08:02.386Z","updated_at":"2025-08-22T09:08:02.386Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28803650,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T03:44:14.111Z","status":"ssl_error","status_checked_at":"2026-01-27T03:43:33.507Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cli","aws-sdk"],"created_at":"2026-01-12T01:45:42.793Z","updated_at":"2026-01-27T05:18:26.344Z","avatar_url":"https://github.com/otm.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Limes\nLimes provides an easy work flow with MFA protected access keys, temporary credentials and access to multiple roles/accounts.\n\nLimes is the Local Instance MEtadata Service and emulates parts of the [AWS Instance Metadata Service](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) running on Amazon Linux. The AWS SDK and AWS CLI can therefor utilize this service to authenticate.\n\n## Warning\nThe AWS SDK refreshes credentials automatically when using limes. So **all** services will change profile if the profile is changed in limes.\n\n##  Installation\n1. Download binary for your architecture from https://github.com/otm/limes/releases/latest\n2. Copy the file to `/usr/local/bin` or appropriate location in PATH\n3. Make it executable: `chmod +x /usr/local/bin/limes`\n4. **Linux:** Allow limes to bind to privileged ports `setcap 'cap_net_bind_service=+ep' /usr/local/bin/limes`\n\n**Note:** On Mac OS limes server is needed to run as root for the time being.\n\n## Configuring the Loop Back Device\nThe configuration below adds the necessary IP configuration on the loop back device. Without this configuration the service can not start.\n\n**Note:** This configuration is not persistent between reboots.\n\n#### Linux\n```\nsudo ip addr add 169.254.169.254/24 broadcast 169.254.169.255 dev lo:metadata\nsudo ip link set dev lo:metadata up\n```\n\n#### Mac\n```\nsudo /sbin/ifconfig lo0 alias 169.254.169.254\n```\n\n## Bash Completion\n\n##### Linux:\n```\nwget -O /etc/bash_completion.d/limes https://raw.githubusercontent.com/otm/limes/master/assets/limes\n```\n\n##### Mac\n```\nwget -O $(brew --prefix)/etc/bash_completion.d/limes https://raw.githubusercontent.com/otm/limes/master/assets/limes\n```\n\n##### Fixing Completion for AWS CLI\nThere is currently a bug in the completer for the AWS CLI that makes it misbehave when used with `_command_offset`. This can be solved by adding a secondary completion entry for the AWS CLI. To make this persistent add it to your bash configuration.  \n\n**Linux**\n```\ncomplete -C '/usr/local/bin/aws_completer' limes run aws\n```\n\n**Mac (Brew)**\n```\ncomplete -C \"$(brew --prefix)/bin/aws_completer\" limes run aws\n```\n\n## Configuring IAM (Identity and Access Management)\nTo be done\n\n## Configuring IMS (Instance Meta-data Service)\nThere is an [example configuration file](https://github.com/otm/limes/blob/master/config.example). The configuration file is documented. Make a copy of the file and place it in `~/.limes/config`.\n\n```\nmkdir -p ~/.limes\nwget -O ~/.limes/config https://raw.githubusercontent.com/otm/limes/master/config.example\n```\n\nUse your favorite text editor to update ~/.limes/config\n\n## Usage\nRunning `limes` in your terminal prints usage information.\n\n#### Starting the Service\nThe service is started with `limes start`.\n\n#### Assuming Profiles\nA profile is assumed with `limes assume \u003cprofile-name\u003e`, where profile-name is a configured profile. Please note that this does not refer to AWS profiles but profiles configured in limes.\n\n#### Running Applications with Alternate Profile\nIf you have assumed a role on limes you might want to run an application once with an alternate profile. This is possible without assuming the profile with the `run` subcommand.\n\n```\nlimes --profile \u003cname\u003e run \u003capplication\u003e [args...]\n```\n\n**Tip**\nWith `limes --profile \u003cname\u003e run bash` it is possible to quickly start a shell with exported environment variables that is valid for an hour.\n\n#### Protected Profiles\nBy adding `protected: true` to your profile it will not be possible to assume that role. It will only be possible to utilize the subcommands `run` and `env`.\n\n#### Service Status\nBy running `limes status` it is possible to see the current status, and also it can detect common problems and misconfiguration.\n\n## Known Problems\nIf AWS environment variables, `.aws/credentials` or `.aws/config` are present there is a chance that the limes does not work. This can be checked with `limes status`.\n\n## Security\nThe service should be configured on the loop back device, and only accessible from the host it is running on.\n\n**Note:** It is important not to run any service that could forwards request on the host running Limes as this would be a security risk. However, this is no difference from the setup on an Amazon Linux instance in AWS. If an attacker could forward requests to 169.254.169.254/24 your credentials could be compromised. Please note that an attacker could utilize a DNS to resolve to this address, so always be aware where you forward requests to.  \n\n## Roadmap\n* Windows support (If I get someone to test it)\n\n## Build\nTo build you need a Go compiler and environment setup. See https://golang.org/ for more information regarding setting up and configuring Go.\n\n```\ngo get github.com/otm/limes\ngo build\n```\n\nIf protobuf definitions are updated `protoc` is needed on the system. Installation instructions are available at https://github.com/google/protobuf. Ẅhen protoc is installed run go generate. Currently build with `libprotoc 3.1.0`.\n\n```\ngo get -u github.com/golang/protobuf/{proto,protoc-gen-go}\ngo generate\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fotm%2Flimes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fotm%2Flimes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fotm%2Flimes/lists"}