Introducing atmos auth list: Visualize Your Authentication Configuration
We're excited to announce a powerful new command for managing authentication in Atmos: atmos auth list. This command provides comprehensive visibility into your authentication configuration, making it easier than ever to understand and manage complex authentication chains across multiple cloud providers and identities.
Why atmos auth list?
As cloud infrastructure grows more complex, so does authentication management. Modern teams often work with:
- Multiple cloud providers (AWS, Azure, GCP, Okta)
- Complex role assumption chains (SSO → base role → admin role → specific account)
- Multiple identities per environment (dev, staging, production)
- Team-specific access patterns (developer, operator, security auditor)
Without proper tooling, it becomes difficult to answer simple questions like:
- "What authentication providers do we have configured?"
- "Which identities can I use to access production?"
- "How does this identity authenticate? Through which provider?"
- "What's the complete authentication chain for this admin role?"
atmos auth list solves these challenges by providing clear, actionable visibility into your entire authentication configuration.
Key Features
🎨 Multiple Output Formats
Table Format (Default) Perfect for quick overviews with formatted tables showing key attributes:
atmos auth list
Tree Format Visualize hierarchical relationships and authentication chains:
atmos auth list --format tree
JSON/YAML Export Integrate with scripts and automation tools:
atmos auth list --format json | jq '.identities'
atmos auth list --format yaml > auth-config.yml
Graph Visualization Generate diagrams for documentation:
atmos auth list --format graphviz > auth-chain.dot
atmos auth list --format mermaid > auth-chain.mmd
atmos auth list --format markdown > docs/auth-config.md
🔍 Smart Filtering
Filter by providers or identities to focus on what matters:
# Show only AWS SSO providers
atmos auth list --providers=aws-sso
# View specific identities
atmos auth list --identities=admin,developer
# Show all providers (no identities)
atmos auth list --providers
🔗 Authentication Chain Visualization
Understand complex authentication flows at a glance. Chains show the complete path from provider to target identity:
aws-sso → base-role → admin-role → prod-account
This makes it immediately clear:
- Which provider authenticates you initially
- What roles you assume along the way
- The final identity you end up with
🎯 Real-World Examples
Quick Overview
$ atmos auth list
PROVIDERS
NAME KIND REGION START URL DEFAULT
aws-sso aws-sso us-east-1 https://example.awsapps.com/start ✓
okta okta https://example.okta.com
IDENTITIES
NAME KIND VIA PROVIDER VIA IDENTITY DEFAULT ALIAS
admin aws/assume-role aws-sso ✓ prod-admin
developer aws/assume-role aws-sso dev
ops aws/assume-role aws-sso admin ops-admin
Detailed Tree View
$ atmos auth list --format tree
Authentication Configuration
├─ aws-sso (aws-sso) [DEFAULT]
│ ├─ Region: us-east-1
│ ├─ Start URL: https://example.awsapps.com/start
│ └─ Identities
│ ├─ admin (aws/assume-role) [DEFAULT] [ALIAS: prod-admin]
│ │ ├─ Principal
│ │ │ └─ arn: arn:aws:iam::123456789012:role/AdminRole
│ │ └─ ops (aws/assume-role) [ALIAS: ops-admin]
│ │ └─ Principal
│ │ └─ arn: arn:aws:iam::987654321098:role/OpsRole
│ └─ developer (aws/assume-role) [ALIAS: dev]
│ └─ Principal
│ └─ arn: arn:aws:iam::123456789012:role/DeveloperRole
└─ okta (okta)
└─ URL: https://example.okta.com
The tree format shows the hierarchical relationship between providers and identities. Identities that authenticate through a provider appear as children under that provider's "Identities" section. Identity chains (where one identity assumes another) are shown as nested children - notice how ops appears as a child of admin since it authenticates via the admin identity.
Automation Integration
# Export to JSON for CI/CD validation
atmos auth list --format json | jq -r '.providers | keys[]'
# Generate documentation
atmos auth list --format yaml > docs/auth-config.yml
# Check if specific provider exists
atmos auth list --providers=aws-sso --format json | jq -e '.providers["aws-sso"]'
Understanding Authentication Chains
One of the most powerful features is authentication chain visualization. Chains show how identities authenticate through providers or other identities:
-
Simple chain:
aws-sso → adminDirect authentication through AWS SSO -
Multi-step chain:
aws-sso → base-role → admin-roleAuthenticate via SSO, assume base role, then assume admin role -
Complex chain:
okta → aws-dev → prod-account → adminAuthenticate through Okta, assume AWS dev role, switch to prod account, become admin
These chains can be arbitrarily long, supporting even the most complex enterprise authentication scenarios.
Integration with Existing Commands
atmos auth list complements the existing authentication commands:
atmos auth whoami- See your current authentication statusatmos auth login- Authenticate with a provideratmos auth list- NEW! View all available providers and identitiesatmos auth validate- Validate authentication configurationatmos auth env- Export credentials as environment variables
Together, these commands provide a complete authentication workflow from discovery to usage.
Get Started
atmos auth list is available in Atmos v1.195.0 and later. To get started:
- Upgrade Atmos to the latest version
- List your configuration: Run
atmos auth list - Explore the formats: Try
--format tree,json, andyaml - Filter as needed: Use
--providersand--identitiesto focus
For full documentation, see the atmos auth list command reference.
What's Next?
The atmos auth list command is part of our broader authentication management initiative. Coming soon:
atmos auth logout- Cleanly terminate authentication sessions and clear cached credentialsatmos auth shell- Launch an authenticated shell session with credentials automatically configured- Interactive identity selection - Enhanced
atmos auth loginwith improved identity selection and TTY dialogs - AWS SSO improvements - Better user experience with spinners and interactive prompts for AWS SSO authentication
Together, these enhancements will provide an even more seamless authentication workflow from discovery to usage.
We'd love to hear your feedback! Let us know what you think on GitHub or join our community Slack.
Happy authenticating! 🔐
