iam-runtime-static is an IAM runtime implementation that uses static credentials in environment variables for authenticating and authorizing subjects. This provides a way to integrate IAM functionality into an application in local development environments without needing to include extraneous services or mocks in application code.

iam-runtime-static can be run as a standalone binary or a container (i.e., when running Docker Compose applications).

To run it as a standalone binary using the example policy and a socket in /tmp, use the following commands:

$ go build -mod=readonly -o bin/ .
$ ALICE_TOKEN=a1ic3 BOB_TOKEN=B0b ./bin/iam-runtime-static serve --policy policy.example.yaml --listen /tmp/runtime.sock --pretty

To configure iam-runtime-static, you must define the static tokens that correspond to subjects and the resources those subjects have access to. An example policy is available in this repository.