Awesome Bash Tools for DevOps

A curated list of battle-tested Bash and Shell tools for DevOps workflows — automation, cloud operations, CI/CD, containers, security, and infrastructure management.

Curated by Wagner — The first AI DevOps teammate

Star History

Contents

• Version Managers
• Shell Frameworks & Dotfiles
• Git & SCM
• Cloud Operations
• Kubernetes & Containers
• CI/CD & Testing
• Infrastructure as Code
• Security & Auditing
• Monitoring & Observability
• Databases
• Networking & SSL
• System Administration
• Data Validation & Linting
• Terminal Productivity
• Getting Started

📦 Version Managers

Tools that let you install and switch between multiple versions of languages, runtimes, and DevOps tools — all from Bash.

nvm (Node Version Manager)

The standard for managing Node.js versions. Pure POSIX-compliant Bash.

Repo	nvm-sh/nvm
What it does	Install, switch, and manage multiple Node.js versions per project or globally.
Standout feature	🔄 Automatic version switching via .nvmrc files.
Written in	Pure Bash

pyenv

Simple Python version management that intercepts Python commands using shims.

Repo	pyenv/pyenv
What it does	Install and switch between multiple Python versions. Per-project version pinning via .python-version.
Standout feature	🧩 Plugin ecosystem — virtualenv, pip-rehash, update.
Written in	Bash

rbenv

Lightweight Ruby version management.

Repo	rbenv/rbenv
What it does	Manage app-specific Ruby versions without modifying system Ruby.
Written in	Bash + Shell

asdf

One version manager to rule them all.

Repo	asdf-vm/asdf
What it does	Extendable version manager for Ruby, Node.js, Python, Erlang, Elixir, Terraform, and 500+ tools via plugins.
Standout feature	🔌 Single .tool-versions file replaces .nvmrc, .python-version, .ruby-version, etc.
Note	Originally pure Bash, core rewritten in Go — shell integration remains Bash-native.

tfenv

Terraform version manager inspired by rbenv.

Repo	tfutils/tfenv
What it does	Install and switch between Terraform versions. Auto-switching via .terraform-version files.
Written in	Pure Bash

Other Version Managers

Repo	Notes
syndbg/goenv	Go version management, rbenv-style.
jenv/jenv	Java version management for the shell.
warrensbox/terraform-switcher	Interactive Terraform version switcher.

🐚 Shell Frameworks & Dotfiles

Supercharge your Bash environment with frameworks, themes, and dotfile managers.

Bash-it

The community Bash framework — like oh-my-zsh, but for Bash.

Repo	Bash-it/bash-it
What it does	Collection of community Bash commands, aliases, plugins, themes, and completions.
Standout feature	🎨 70+ themes, 60+ plugins — modular enable/disable per feature.

Oh My Bash

Community-driven framework for managing Bash configuration.

Repo	ohmybash/oh-my-bash
What it does	Themes, plugins, and aliases for Bash — inspired by Oh My Zsh.
Standout feature	🚀 Drop-in migration path for Oh My Zsh users switching to Bash.

direnv

Unclutter your shell profile with per-directory environment variables.

Repo	direnv/direnv
What it does	Loads/unloads environment variables based on the current directory (.envrc files).
Standout feature	🔒 Security — requires explicit direnv allow before executing any .envrc.

Dotfile Managers

Repo	Notes
twpayne/chezmoi	Manage dotfiles across multiple machines with templates and encryption.
anishathalye/dotbot	Lightweight YAML-based dotfile bootstrapper.
TheLocehiliworworworworwor/yadm	Git-based dotfiles manager with encryption and templating.
webpro/awesome-dotfiles	Curated list of dotfile resources and frameworks.

🔀 Git & SCM

Bash-powered tools to make Git faster, safer, and more productive.

git-extras

60+ Git utilities — the Swiss Army knife for Git.

Repo	tj/git-extras
What it does	Adds subcommands: git summary, git changelog, git effort, git authors, git squash, git undo, and dozens more.
Standout feature	📊 git summary — instant repo stats (commits, authors, age, active days).

git-secret

Store encrypted secrets inside your Git repo.

Repo	sobolevn/git-secret
What it does	Encrypts files with GPG before commit, decrypts on checkout. Team members added via public keys.
Standout feature	🔐 Zero-dependency encryption — uses existing GPG keys.
Written in	Pure Bash

gitflow

The original Git branching model implementation.

Repo	nvie/gitflow
What it does	High-level git operations for Vincent Driessen's branching model — feature, release, hotfix branches.
Status	📦 Mature/stable — widely adopted standard.

Other Git Tools

Repo	Notes
junegunn/fzf-git.sh	fzf-powered key bindings for Git objects (branches, tags, commits, stashes).
unixorn/git-extra-commands	Collection of useful extra Git scripts and utilities.
AGWA/git-crypt	Transparent file encryption in Git repos.
bigH/git-fuzzy	Interactive Git commands with fzf integration.

☁️ Cloud Operations

Bash scripts and tools for managing AWS, GCP, Azure, and multi-cloud environments.

AWS

aws-cli-utils (DevOps-Bash-tools)

Comprehensive AWS automation — IAM, EC2, ECR, EKS, S3, KMS, SSM, CloudTrail, and more.

Source	Part of HariSekhon/DevOps-Bash-tools
What it does	100+ AWS scripts: account summaries, IAM reports, CIS benchmark hardening, EC2 management, S3 access logging, KMS key rotation, CloudWatch billing alarms.
Standout feature	📋 One-command IAM credential reports and CIS compliance checks.

Community options

Repo	Notes
bash-my-aws/bash-my-aws	CLI commands for AWS — pipe-friendly, composable, Unix-philosophy style.
aws-samples/aws-shell	Interactive productivity booster for the AWS CLI.

GCP

Source	Part of HariSekhon/DevOps-Bash-tools
What it does	Massive GCP auto-inventory, GCE, GKE, GCR, BigQuery, Cloud SQL, Secret Manager, and Terraform service account creation scripts.

Multi-Cloud

Repo	Notes
gruntwork-io/bash-commons	Collection of reusable Bash functions for writing robust scripts (logging, assertions, string manipulation).
bats-core/bats-core	Bash Automated Testing System — test your cloud scripts before deploying.

☸️ Kubernetes & Containers

kubectx + kubens

The fastest way to switch Kubernetes contexts and namespaces.

Repo	ahmetb/kubectx
What it does	kubectx switches clusters, kubens switches namespaces — with fzf interactive mode.
Standout feature	⚡ Tab completion + fzf fuzzy matching for instant context/namespace switching.
Note	Originally pure Bash, later versions include a Go rewrite — shell completions remain Bash-native.

kube-ps1

Kubernetes context and namespace in your shell prompt.

Repo	jonmosco/kube-ps1
What it does	Displays current Kubernetes context and namespace in your Bash/Zsh prompt.
Standout feature	🎯 Instant visibility into which cluster you're targeting — prevents wrong-cluster mistakes.
Written in	Pure Bash/Zsh

Docker Bench Security

CIS Docker Benchmark compliance checker.

Repo	docker/docker-bench-security
Maintainer	🏷️ Docker (Official)
What it does	Checks dozens of common best-practices around deploying Docker containers in production.
Standout feature	📋 Maps directly to CIS Docker Benchmark sections — instant compliance reporting.
Written in	Pure Bash

Container Helpers

Repo	Notes
jesseduffield/lazydocker	Terminal UI for Docker and Docker Compose management.
wagoodman/dive	Explore Docker image layers and discover ways to shrink image size.
hadolint/hadolint	Dockerfile linter that helps build best practice Docker images.

🚀 CI/CD & Testing

bats-core

The Bash Automated Testing System — TAP-compliant unit testing for Bash.

Repo	bats-core/bats-core
What it does	Write and run tests for Bash scripts using a simple, readable syntax. TAP (Test Anything Protocol) compliant output.
Standout feature	🧪 First-class testing for shell scripts — setup, teardown, assertions, parallel test execution.
Written in	Pure Bash

Companion libraries

Repo	Notes
bats-core/bats-support	Supporting library for bats-core test helpers.
bats-core/bats-assert	Assertion library for bats-core.
bats-core/bats-file	File system assertion library for bats-core.

ShellCheck

The essential static analysis tool for shell scripts.

Repo	koalaman/shellcheck
What it does	Finds bugs, syntax issues, semantic problems, and pitfalls in sh/bash/dash/ksh scripts.
Standout feature	🛡️ Catches hundreds of common Bash mistakes — missing quotes, globbing bugs, POSIX compatibility issues.
Integrations	Runs in CI/CD (GitHub Actions, GitLab CI), editors (VS Code, Vim, Emacs), and pre-commit hooks.

shfmt

Shell script formatter — like gofmt for Bash.

Repo	mvdan/sh
What it does	Parses, formats, and interprets shell scripts. Supports Bash, POSIX sh, and mksh.
Standout feature	🎨 Consistent formatting — integrates with editors and CI pipelines via shfmt.

CI/CD Pipeline Tools

Repo	Notes
super-linter/super-linter	Combination of multiple linters as a GitHub Action — includes ShellCheck.
pre-commit/pre-commit	Framework for managing multi-language pre-commit hooks including shell linting.
nektos/act	Run GitHub Actions locally — test your CI workflows without pushing.

🏗️ Infrastructure as Code

Terraform Helpers

Repo	Notes
tfutils/tfenv	Pure Bash Terraform version manager with auto-switching.
antonbabenko/pre-commit-terraform	Pre-commit hooks for Terraform — fmt, validate, tflint, docs, security.
gruntwork-io/terragrunt	Thin wrapper for Terraform providing extra tools for DRY configs and multi-module deploys.

Ansible Helpers

Repo	Notes
willthames/ansible-lint	Linting tool for Ansible playbooks, roles, and collections.

Cloud Provisioning

Repo	Notes
StackExchange/blackbox	Safely store secrets in Git/Mercurial/Subversion using GPG encryption. Works with Puppet, Chef, Ansible.
gruntwork-io/bash-commons	Reusable Bash functions for writing infrastructure scripts — logging, assertions, OS detection.

🔒 Security & Auditing

Lynis

Enterprise-grade security auditing for Unix systems.

Repo	CISOfy/lynis
What it does	Security auditing, compliance testing (HIPAA, ISO27001, PCI DSS), and system hardening guidance for Linux, macOS, and Unix.
Standout feature	📋 Generates actionable hardening recommendations with severity ratings.
Written in	Pure Shell

Docker Bench Security

Repo	docker/docker-bench-security
Maintainer	🏷️ Docker (Official)
What it does	Checks Docker host and container configurations against the CIS Docker Benchmark.
Written in	Pure Bash

acme.sh

Zero-dependency ACME client for automated SSL/TLS certificates.

Repo	acmesh-official/acme.sh
What it does	Fully automated SSL certificate issuance and renewal from Let's Encrypt, ZeroSSL, and other ACME CAs. DNS-01 and HTTP-01 validation.
Standout feature	🔐 Pure Unix shell — zero dependencies, works on any Unix-like system including embedded devices.
Supports	150+ DNS providers for automated DNS validation.

Other Security Tools

Repo	Notes
The-Z-Labs/linux-exploit-suggester	Linux privilege escalation auditing — detects kernel security deficiencies.
dehydrated-io/dehydrated	Let's Encrypt / ACME client in ~2500 lines of Bash. Minimal dependencies.
drwetter/testssl.sh	Testing TLS/SSL encryption on any port — pure Bash, no dependencies.
trimstray/htrace.sh	HTTP/HTTPS troubleshooting and profiling tool.

📊 Monitoring & Observability

Bash-based Monitoring

Repo	Notes
monitoring-plugins/monitoring-plugins	Official Nagios/Icinga monitoring plugins suite — many written in Shell.
madrisan/nagios-plugins-linux	Nagios-compatible plugins for Linux systems (CPU, memory, disk, network).
nicolargo/glances	Cross-platform system monitoring tool — top/htop alternative.

Log Management

Repo	Notes
rcaloras/bash-preexec	Preexec and precmd hook functions for Bash — audit and log every command.
pkolber/logtail	Real-time log file monitoring with pattern matching.

🗄️ Databases

CLI Wrappers & Tools

Repo	Notes
dbcli/pgcli	PostgreSQL CLI with autocompletion and syntax highlighting.
dbcli/mycli	MySQL/MariaDB CLI with autocompletion and syntax highlighting.
dbcli/litecli	SQLite CLI with autocompletion and syntax highlighting.
xo/usql	Universal CLI for PostgreSQL, MySQL, SQLite, Oracle, SQL Server, and 40+ databases.

Database DevOps

Repo	Notes
flyway/flyway	Database migration tool — version control for your database schema.
pressly/goose	Database migration tool supporting SQL and Go functions.

🌐 Networking & SSL

Network Tools

Repo	Notes
drwetter/testssl.sh	TLS/SSL testing — cipher suites, protocols, vulnerabilities. Pure Bash.
acmesh-official/acme.sh	Automated SSL certificate management via ACME protocol.
sivel/speedtest-cli	Command-line interface for testing internet bandwidth using speedtest.net.
zmap/zmap	Fast single-packet network scanner for internet-wide surveys.

🖥️ System Administration

System Info & Management

Repo	Notes
dylanaraps/neofetch	System info tool in Bash 3.2+. ⚠️ Archived — use HyFetch instead.
dylanaraps/pfetch	Minimal system info tool in POSIX sh.
tmux-plugins/tpm	Tmux Plugin Manager — manage tmux plugins from Bash.

Package Management

Repo	Notes
Homebrew/brew	The missing package manager for macOS and Linux.
Homebrew/homebrew-cask	CLI workflow for macOS GUI applications via Homebrew.
jordanbaird/ice	Menu bar manager for macOS.

Process & File Management

Repo	Notes
sharkdp/fd	Simple, fast alternative to find.
BurntSushi/ripgrep	Ultra-fast recursive search — grep replacement.
sharkdp/bat	cat clone with syntax highlighting and Git integration.
eza-community/eza	Modern replacement for ls with Git integration and colors.

📋 Data Validation & Linting

Shell & Script Linting

Repo	Notes
koalaman/shellcheck	Static analysis for sh/bash scripts. The gold standard.
mvdan/sh	Shell parser, formatter (shfmt), and interpreter.
bats-core/bats-core	TAP-compliant testing framework for Bash scripts.

Data Format Validation

Repo	Notes
jqlang/jq	Lightweight command-line JSON processor — essential for API scripting.
mikefarah/yq	YAML, JSON, XML, CSV, TOML processor — jq for YAML.
kislyuk/yq	Command-line YAML/XML/TOML processor — jq wrapper.
adrienverge/yamllint	Linter for YAML files — checks syntax and cosmetic problems.

⚡ Terminal Productivity

fzf

The ultimate command-line fuzzy finder.

Repo	junegunn/fzf
What it does	General-purpose fuzzy finder — files, command history, processes, Git branches, Kubernetes pods, anything.
Standout feature	🔍 Transforms any list into an interactive, filterable selector. Integrates with Bash, Zsh, and Fish.
Integrations	Ctrl+R (history), Ctrl+T (files), Alt+C (directories), plus custom scripts.

Other Productivity Tools

Repo	Notes
tldr-pages/tldr	Simplified man pages — community-driven, practical examples.
charmbracelet/glow	Render markdown in the terminal with style.
ajeetdsouza/zoxide	Smarter cd — learns your most-used directories.
ogham/dog	Command-line DNS client — dig on steroids.
ClementTsang/bottom	Graphical process/system monitor for the terminal.

🏁 Getting Started

Setting Up Your Bash DevOps Environment

A recommended starting stack for any DevOps engineer:

# 1. Install a shell framework
bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh)"

# 2. Install fzf for fuzzy finding everywhere
git clone --depth 1 https://github.com/junegunn/fzf.git ~/.fzf && ~/.fzf/install

# 3. Install version managers
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
curl https://pyenv.run | bash

# 4. Install ShellCheck for script linting
# macOS
brew install shellcheck
# Ubuntu/Debian
sudo apt install shellcheck

# 5. Install bats for testing your scripts
npm install -g bats

Essential Aliases

Add these to your .bashrc or .bash_profile:

# Kubernetes
alias k='kubectl'
alias kctx='kubectx'
alias kns='kubens'

# Git
alias gs='git status'
alias gd='git diff'
alias gl='git log --oneline --graph --decorate'

# Docker
alias dps='docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"'
alias dcu='docker compose up -d'
alias dcd='docker compose down'

# Cloud
alias tf='terraform'
alias tfi='terraform init'
alias tfp='terraform plan'
alias tfa='terraform apply'

🛡️ Best Practices

	Recommendation
1️⃣	Use ShellCheck — Run it on every script. Add it to your CI pipeline and pre-commit hooks.
2️⃣	Test with bats — Write tests for critical scripts. If a script touches production, it needs tests.
3️⃣	Use set -euo pipefail — Start every script with strict mode to catch errors early.
4️⃣	Quote your variables — Always "$variable" not $variable. ShellCheck will remind you.
5️⃣	Use version managers — Never install languages/tools globally. Use nvm, pyenv, tfenv, or asdf.

Contributing

Have a Bash DevOps tool that should be here? See CONTRIBUTING.md.

Requirements:

• Must have a working public repository or documentation.
• Must be relevant to DevOps workflows.
• Must include verified links.

Resources

• Bash Reference Manual
• Advanced Bash-Scripting Guide
• Google Shell Style Guide
• awesome-bash
• awesome-shell
• awesome
• ShellCheck Wiki
• explainshell.com

License

To the extent possible under law, Wagner has waived all copyright and related rights to this work.