https://github.com/permify/targe

Open-source CLI for managing IAM (Identity and Access Management) operations with AI assistance.
https://github.com/permify/targe

authorization aws awscli azure cloud gcp iam security

Last synced: 19 days ago
JSON representation

Open-source CLI for managing IAM (Identity and Access Management) operations with AI assistance.

• Host: GitHub
• URL: https://github.com/permify/targe
• Owner: Permify
• License: apache-2.0
• Created: 2024-12-03T07:18:14.000Z (7 months ago)
• Default Branch: master
• Last Pushed: 2025-03-24T08:17:03.000Z (3 months ago)
• Last Synced: 2025-03-24T09:25:08.713Z (3 months ago)
• Topics: authorization, aws, awscli, azure, cloud, gcp, iam, security
• Language: Go
• Homepage: https://permify.co
• Size: 84.2 MB
• Stars: 30
• Watchers: 2
• Forks: 4
• Open Issues: 7
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

        


  

    

    

  



   Targe - Open Source IAM Copilot







Targe is an open-source CLI for managing IAM (Identity and Access Management) operations with AI assistance.

DevOps engineers use Targe to configure how employees in their organization access infrastructure resources. Targe simplifies and accelerates granting and revoking access, while supporting custom policy creation — eliminating the need for tedious back-and-forth UI work.





     

  

     

     

     

     

     

  


![Targe Demo](assets/images/targe.gif)

## How it Works?

1. Configure your cloud credentials to enable Targe to access resources in your infrastructure. Currently, Targe supports only AWS.

2. Start an access flow or use AI to create an access command to fulfill an access request.

3. Preview the access action and complete the access request.

### Create an Access Command with AI 

Describe the access action you want to perform. For example, "give S3 read-only access to user Omer." 

Targe analyzes the request and generates the necessary access command using AI.

![targe-ai-flow](https://github.com/user-attachments/assets/0a2ea874-b6b6-47ec-b792-1602137f23e7)

### Start an Access Flow Manually

You can also manually start any flow to complete an access action. 

There are three main flows:

   - `~ % targe aws users`  | Grant or revoke access to/from a user.

   - `~ % targe aws groups` | Attach or detach a policy to/from a group.

   - `~ % targe aws roles`  | Attach or detach a policy to/from a role.

Let's repeat the example above of granting s3 read-only access to user Omer.

We will use following command to start **user** flow: `~ % targe aws users`.

The user access flow begins by listing the users in the system. Select the user to take action on.

![select-user](https://github.com/user-attachments/assets/d99327e8-3c74-42b4-9615-2afe6f0bde0b)

After selecting the user, choose the operation to perform. Let’s attach a policy to user Omer.

![select-operation](https://github.com/user-attachments/assets/bfa67375-0cd1-4bcf-9d73-dcb1a7a88dc4)

In the next step, select the policy you want to attach. You can use "filters" in each section to search what you need.

![select-policy](https://github.com/user-attachments/assets/af918b77-7e45-4c43-9d4b-f8971b1ece47)

Finally, preview the access action.

![preview-access-action](https://github.com/user-attachments/assets/d843bd92-db6d-4907-ab39-0344e4986da8)

## Installation Steps

1. **Install Targe CLI:**

   ```shell

   brew tap permify/tap-targe

   brew install targe

   ```

2. **Set Up AWS Credentials:**

   Targe requires AWS credentials to be configured in the file `~/.aws/credentials`. Follow these steps:

    - Create or open the `~/.aws/credentials` file using a text editor:

      ```shell

      nano ~/.aws/credentials

      ```

    - Add your AWS credentials in the following format:

      ```plaintext

      [default]

      aws_access_key_id = your_access_key

      aws_secret_access_key = your_secret_key

      ```

    - Save the file and exit (in nano, press `CTRL + O` to save, then `CTRL + X` to exit).

3. **Verify the Configuration:**

   Run the following command to confirm the credentials are set correctly:

   ```shell

   aws sts get-caller-identity

   ```

   This should return information about your AWS account. If it fails, double-check the credentials file for accuracy.

4. **Configure OpenAI API Key**

   

   Run the following command to configure your OpenAI API Key:

   ```shell

   targe config set openai_api_key [your_api_key]

   ```

5. **Set the Default Region (Optional):**

   If your tool requires a specific AWS region, you can set it in the `~/.aws/config` file:

   ```shell

   nano ~/.aws/config

   ```

   Add:

   ```plaintext

   [default]

   region = us-east-1

   ```

   Replace `us-east-1` with your desired region.

## Communication Channels

If you like Targe, please consider giving us a :star: