Github All Releases Discord Badge - Website: https://www.leapp.cloud/ - Roadmap: Roadmap - Wiki: Wiki - Chat with us: Discord


Leapp is a DevTool Desktop App designed to manage and secure Cloud Access in multi-account environments.

The App is designed to work with Cloud Providers APIs, CLIs, and SDKs.

It's a tool that securely stores your access information in a secure place and generates temporary credential sets to access your Cloud from your local machine.

We Strongly believe that access information to Cloud in ~/.aws or ~/.azure files are not safe, and we prefer to store that information in an encrypted file managed by the system. Credentials will be hourly rotated and accessible in those files only when they are needed, so only when Leapp is active.

Leapp App

Table of Contents

Key features

Leapp App animation


Get here the latest release.

Use Cases

Our use cases are hereby presented to give you a hint on how Leapp can be of help to depend on the type of setup you have in your company and what kind of credentials you need to get.

AWS Plain Access

Store AWS IAM User's Access Keys in your System Vault through Leapp. Leapp automatically manages Access Key ID and Secret Access Key in your AWS credentials, generating temporary credentials for them.

No credentials are stored in Leapp.

Please see Vault strategy for more information.

Plain Access Use-case

See setup tutorial

Note: it's possible to assign an MFA device to a plain session. Please see MFA section for more details.

AWS Federated Access

Federation is established between G Suite and AWS. No more AWS credentials management is needed. Leapp allows you to get to cloud resources with company email and password.

Federated Access Use-case

See setup tutorial

AWS Single Sign-On

Access to your AWS Accounts through Leapp and let the App manage all the available session to generate Temporary Access and Secret keys. AWS SSO video

See setup tutorial

AWS Truster Access

Access to an Aws Account Role via another AWS Account role or an IAM user, thanks to a cross-account role available via STS. In this access strategy a Truster Role or a Plain User is assumed by a federated role.

Truster Access Use-case

See setup tutorial

Note: it's possible to apply MFA to a truster session by setting it on the plain account it relies on. Please see MFA section for more details.

Azure Access

Use Leapp to do Single Sign On with G Suite on Azure to get access to your Subscriptions. In this use case is mandatory to have defined a Federation between Google and Azure. Leapp manage the login process for you to have Azure CLI ready to be used.

Azure Access Use-case

See setup tutorial

Supported Providers

Cloud Providers

  • AWS - :white_check_mark:
  • AZURE - :white_check_mark:
  • GCP - :soon:

Identity Providers

  • G Suite to AWS - :white_check_mark:
  • G Suite to Azure - :white_check_mark:
  • AZURE AD to Azure - :white_check_mark:
  • AZURE AD to AWS - :soon:
  • AWS Single Sign-On - :white_check_mark:


By default, Leapp writes logs to the following locations:

  • on Linux: ~/.config/Leapp/logs/log.log
  • on macOS: ~/Library/Logs/Leapp/log.log
  • on Windows: %USERPROFILE%\\AppData\\Roaming\\Leapp\\log.log Logs are structured in the following way:
[YYYY-MM-DD HH:mm:ss.mmm] [LEVEL] [rendered/system] [COMPONENT] MESSAGE {Useful Object / Stacktrace Err Object}

Note: please always add logs whenever possible to any issue you want to fill to enable the team identify the problem quickly


Here you can find our documentation.


  • Glossary: find other information about the system
  • Roadmap: view our next steps and stay up to date
  • Contributing: follow the guidelines if you'd like to contribute to the project
  • Project Structure: check how we structured the project and where to find the files


Mozilla Public License v2.0

Repo Not Found