Just-in-time privileged access elevation for cloud infrastructure.
jitsudo is an open-source CLI tool that grants temporary, audited, least-privilege access elevations across cloud and Kubernetes environments — without standing permissions.
Instead of granting persistent elevated roles, jitsudo issues time-bounded access elevations on demand, tied to a declared reason, approved through policy, and automatically revoked on expiry.
```bash
jitsudo elevate --provider aws --role arn:aws:iam::123456789012:role/incident-responder --duration 30m --reason "Investigating prod alert #4421"
```

| Provider | Status |
|---|---|
| AWS IAM | Planned |
| GCP IAM | Planned |
| Azure RBAC | Planned |
| Kubernetes RBAC | Planned |
- No standing access. Elevations are ephemeral by design.
- Auditable. Every elevation is logged with requester, reason, duration, and scope.
- Policy-driven. Approval workflows and constraints are defined as code.
- Provider-agnostic. A single CLI interface across clouds and Kubernetes.
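
A sketch of the request lifecycle these principles describe, applied to the `elevate` command shown above. This is an added example, not jitsudo's own code: the policy structure, the function names and the requester `alice` are assumptions, since the project's policy format is not published on this page.

```python
import re
from datetime import datetime, timedelta

# Hypothetical policy-as-code; jitsudo's real policy format is not shown on the page.
POLICY = {
    "arn:aws:iam::123456789012:role/incident-responder": {
        "max_duration": timedelta(hours=1),
        "allowed_requesters": {"alice"},  # constructed sample requester
    },
}
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours"}


def parse_duration(text):
    """Parse '45s', '30m' or '2h' into a timedelta; reject anything else."""
    m = re.fullmatch(r"([1-9]\d*)([smh])", text)
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return timedelta(**{_UNITS[m.group(2)]: int(m.group(1))})


def evaluate(requester, provider, role, duration, reason, now):
    """Return an audit record for every request; the default decision is 'denied'."""
    record = {"requester": requester, "provider": provider, "scope": role,
              "reason": reason, "duration": duration,
              "requested_at": now.isoformat(), "decision": "denied"}
    rule = POLICY.get(role)
    try:
        span = parse_duration(duration)
    except ValueError as exc:
        return {**record, "why": str(exc)}
    if rule is None:
        return {**record, "why": "no policy for role"}
    if requester not in rule["allowed_requesters"]:
        return {**record, "why": "requester not allowed"}
    if not reason.strip():
        return {**record, "why": "reason required"}
    if span > rule["max_duration"]:
        return {**record, "why": "duration exceeds policy maximum"}
    return {**record, "decision": "granted", "expires_at": (now + span).isoformat()}


def is_active(record, now):
    """A grant is usable only while granted and strictly before its expiry."""
    return (record["decision"] == "granted"
            and now < datetime.fromisoformat(record["expires_at"]))
```

Denied requests produce an audit record too, so the log shows who asked for what and why it was refused.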
Early development. The core design and provider interface spec are in progress.
Watch this org or star jitsudo-dev/jitsudo to follow along.
- 🌐 jitsudo.dev
- 📦 jitsudo-dev/jitsudo — main repository
- 🔐 Security policy
- 🤝 Contributing guide