{"id":46223023,"url":"https://github.com/zepellin/janus-go","last_synced_at":"2026-04-02T16:39:35.855Z","repository":{"id":198171934,"uuid":"700245954","full_name":"zepellin/janus-go","owner":"zepellin","description":"AWS credentials helper for GCP trusted service accounts","archived":false,"fork":false,"pushed_at":"2026-02-25T08:39:32.000Z","size":533,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-25T13:07:52.571Z","etag":null,"topics":["authentication","aws","cli","gcp"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zepellin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-10-04T08:23:34.000Z","updated_at":"2026-02-25T08:39:35.000Z","dependencies_parsed_at":"2023-10-04T18:00:00.646Z","dependency_job_id":"f280f026-c683-47c2-b998-881a1781f140","html_url":"https://github.com/zepellin/janus-go","commit_stats":null,"previous_names":["zepellin/janus-go"],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/zepellin/janus-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zepellin%2Fjanus-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zepellin%2Fjanus-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zepellin%2Fjanus-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zepellin%2Fjanus-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zepellin","download_url":"https://codeload.github.com/zepellin/janus-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zepellin%2Fjanus-go/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30050222,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T14:38:37.398Z","status":"ssl_error","status_checked_at":"2026-03-03T14:38:06.721Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","aws","cli","gcp"],"created_at":"2026-03-03T15:04:05.804Z","updated_at":"2026-03-03T15:04:06.366Z","avatar_url":"https://github.com/zepellin.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Janus-go\n\n![E2E GCP](https://github.com/zepellin/janus-go/actions/workflows/e2e-gcp.yaml/badge.svg)\n![E2E SA KEY](https://github.com/zepellin/janus-go/actions/workflows/e2e-sa-key.yaml/badge.svg)\n\n## Description\n\nJanus-go is a AWS CLI external source authentication program for use with Google Cloud GKE workload identity or GCE VM identity. It is designed to allow authenticating AWS IAM role from Google Cloud environments (such as GKE cluster or GCE VM instance) without the need of generating long term AWS credentials.\n\nThis project was inspired by [Janus](https://github.com/doitintl/janus), a python implementation of the same authentication flow. This project was written in go for easier installation and usage of the program where a single binary is implementation is better suited (such as inside of existing container running on kubernetes).\n\n## Prerequisites\n\n1. The environment in which the program is running has to be able to provide Google Cloud Identity token from Google Cloud metadata server. This can be achieved either by running on GCE VM instance or as a GKE workload with workload identity enabled\n2. An AWS IAM role is created with a [trust policy specifying the Google Cloud IAM identity](https://aws.amazon.com/blogs/security/access-aws-using-a-google-cloud-platform-native-workload-identity/) used by VM instance or GKE workload identity from step 1.\n\n## Installation\n\n### Locally\n\nDownload appropriate release for your OS and achitecture from the project's release page.\n\n```bash\nwget -qO janus-go https://github.com/zepellin/janus-go/releases/download/v0.6.0/janus-v0.6.0-linux-amd64 \u0026\u0026 chmod +x janus-go\n```\n\n### Inside of a Kubernetes pod\n\nTo use the binary inside of Kubernetes pod, download the binary using init container and mount the binary path inside of your main container:\n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: my-app-pod\nspec:\n  ...\n  initContainers:\n   - name: download-tools\n     image: alpine:3\n     command: [sh, -c]\n     args:\n       - wget -qO janus-go https://github.com/zepellin/janus-go/releases/download/v0.6.0/janus-v0.6.0-linux-amd64 \u0026\u0026 chmod +x janus-go \u0026\u0026 mv janus-go /janus-go/\n     volumeMounts:\n       - mountPath: /janus-go\n         name: janus-go\n  containers:\n  - name: main-container\n    ...\n    volumeMounts:\n    - mountPath: /usr/local/bin/janus-go\n      name: janus-go\n      subPath: janus-go\n\n  volumes:\n   - name: janus-go\n     emptyDir: {}\n```\n\nAlternatively, use the published OCI image as a Kubernetes image volume (where supported by your Kubernetes version/configuration):\n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: my-app-pod\nspec:\n  containers:\n    - name: main-container\n      image: my-app-image:latest\n      volumeMounts:\n        - mountPath: /usr/local/bin/janus-go\n          name: janus-go\n          subPath: janus-go\n          readOnly: true\n  volumes:\n    - name: janus-go\n      image:\n        reference: ghcr.io/zepellin/janus-go-volume:v0.6.0\n        pullPolicy: IfNotPresent\n```\n\n### Image naming and tags\n\nThe Kubernetes image-volume artifact is published to GitHub Container Registry as:\n\n```text\nghcr.io/\u003cowner\u003e/\u003crepo\u003e-volume\n```\n\nFor this repository, that resolves to:\n\n```text\nghcr.io/zepellin/janus-go-volume\n```\n\nTag behavior:\n\n- Release tags: `vX.Y.Z` (for example `v0.6.0`)\n- Commit tags: `sha-\u003cgit-sha\u003e`\n- `latest`: published from the default branch\n\nExamples:\n\n```text\nghcr.io/zepellin/janus-go-volume:v0.6.0\nghcr.io/zepellin/janus-go-volume:sha-abc1234def56\nghcr.io/zepellin/janus-go-volume:latest\n```\n\n## Usage\n\nAssuming pre-requisites for running the application have been met and AWS SDK configuration file in a following format exists:\n\n```text\n[profile my-aws-account]\ncredential_process = /usr/local/bin/janus-go -rolearn arn:aws:iam::123456789012:role/my-trusted-role\n```\n\nAWS clients such as AWS CLI or [AWS Terraform provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs) can now authenticate agains specified AWS profile and use AWS APIs.\n\n```bash\naws --profile my-aws-account ec2 describe-instances\n```\n\n## Contributing\n\nTo contribute to Janus-go, follow these steps:\n\n1. Fork the repository.\n2. Create a new branch (`git checkout -b feature_branch` ).\n3. Make your changes.\n4. Commit your changes (`git commit -am 'Add some feature'` ).\n5. Push to the branch (`git push origin feature_branch` ).\n6. Create a new Pull Request.\n\n## License\n\nThis project uses the following license: [MIT](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzepellin%2Fjanus-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzepellin%2Fjanus-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzepellin%2Fjanus-go/lists"}