Skip to main content

atmos auth exec

Run any tool (Terraform, AWS CLI, kubectl, etc.) with the right cloud identity injected automatically into the environment. Use exec when you want a one-off command to inherit secure, temporary credentials without polluting your shell session.

atmos auth exec --help

Exec vs Shell

Use exec for single commands or automation. Use shell for interactive sessions where you'll run multiple commands.

Usage​

atmos auth exec [--identity <name>] -- <command> [args...]

Arguments​

command
The program to execute with authentication environment variables set.
args...
Arguments to pass through to the command.

Examples​

# Run terraform with authenticated env (uses default identity)
atmos auth exec -- terraform plan -var-file=env.tfvars

# Interactively select identity
atmos auth exec --identity -- aws sts get-caller-identity

# Use a specific identity
atmos auth exec --identity prod-admin -- aws sts get-caller-identity

# Inspect env
atmos auth exec -- env | grep AWS

Flags​

--identity (alias -i)

Specify the identity to use. This flag has three modes:

  • With value (--identity admin): Use the specified identity
  • Without value (--identity): Show interactive selector to choose identity
  • Omitted: Use the default identity configured in atmos.yaml

Notes​

  • -- is required to stop Atmos flag parsing; everything after is passed to the subcommand.