How do you guys manage AWS STS credentials (alternatives to Leapp)

At my work, we manage several AWS accounts for different build environments, and we use IAM sessions to handle CLI credentials, AWS Console web sessions, and start SSM sessions. What’s the best way to do these things on NixOS?

For context, the recommended solution for this at my work is Noovalari Leapp (, an Electron-based application. Up to this point, I’ve ran their AppImage on my Manjaro Linux AMD64 machine without issues, but I haven’t been able to get it or any of the related tools to run on NixOS.

Things I’ve tried:

  • Running the AppImage via appimage-run. The app starts, but shows a blank white screen.
  • Extracting the AppImage and running the executable inside. Fails immediately.
  • Running the executable inside with steam-run. Complains about missing libraries.
  • Running the executable with nix-ld. Complains about missing libraries even though I have declared them in the programs.nix-ld.libraries config (I mainly remember Xorg libraries here)
  • Installing the NPM CLI package - can’t because the NPM registry is (understandably) read-only
  • Installing the NPM CLI package via node2nix - end up creating a derivation that doesn’t expose an executable command
  • Running the NPM CLI package via NPX - starts, but complains about missing when I try to create an integration.

If I can get Leapp working, that would be ideal, but since I’m willing to dive into the CLI, I imagine there’s a far more NixOS-compatible solution that handles these credential management tasks, probably commands within the AWS CLI itself that I’m unfamiliar with.