CloudTunnels
Native macOS · Swift · Open Source

One menu bar.
Every tunnel.

Manage GCP IAP, AWS SSM, Cloud SQL Proxy, and SSH port-forwarding tunnels from a single menu bar app — with auto-reconnect, multi-account auth, kubeconfig auto-patching, and a ctun CLI.

View on GitHub Install
macOS 13+ Universal binary 365 unit tests
CloudTunnels GCP IAP tab in macOS menu bar
Four providers, one workflow

Whatever the cloud, the same menu bar.

Unified UI, unified status, unified config — across GCP IAP, AWS SSM, Cloud SQL Auth Proxy, and SSH. Each tunnel pins to its own account or profile, so multi-tenant work doesn't mean re-logging in.

GCP IAP tunnels

GCP IAP

Wraps gcloud compute start-iap-tunnel. Pin per-tunnel gcloud accounts; run multiple identities side by side without re-auth.

AWS SSM tunnels

AWS SSM

Wraps aws ssm start-session. Direct port-forward or bastion-to-RDS, with per-tunnel profile and region override.

Cloud SQL Proxy tunnels

Cloud SQL Proxy

Drives cloud-sql-proxy v2. Private IP, auto IAM auth, and service-account impersonation as toggles.

SSH tunnels

SSH

SOCKS5 + -L forwards over SSH config alias or IAP-wrapped gcloud compute ssh. Patches kubeconfig automatically.

Designed for daily use

The little things that add up.

Built by an SRE for SREs. Every quirk you've hit running gcloud / aws / ssh tunnels by hand is solved here.

Auto-reconnect

Network drops or instance restarts retry up to 3× with backoff. Auth-expiry skips reconnect to avoid loops.

Auth-expiry detection

Watches stderr for token-revoked patterns per provider, surfaces a notification, and pauses retries.

Free-port autodetection

Add Tunnel form auto-fills the next free local port — a second Postgres tunnel never collides with the first.

Kubeconfig auto-patch

SSH tunnels with a SOCKS port automatically set proxy-url on connect and unset it on disconnect.

Quick actions

One-click open: k9s, psql, browsers, RDP, VNC, MongoDB Compass — driven by tunnel kind.

Calendar radar

Next-meeting banner with Join button (Zoom / Meet / Teams / Webex auto-detected) plus pre-meeting reminders.

Tools tab

23+ utilities you stop opening other apps for.

Port killer, JSON formatter, cert chain inspector, JWT decoder, kubeconfig viewer, cluster health, cron parser. Everything runs locally.

Tools tab grid

Network

  • Port Inspector
  • Public IP

Encoding

  • JSON Formatter
  • Base64
  • JWT Decoder
  • Hash Generator

TLS / SSL

  • SSL Checker
  • Certificate Decoder
  • CSR Decoder
  • Key Matcher
  • SSL Converter

Identifiers

  • UUID Generator
  • Timestamp

Generation

  • Password
  • JWT / HMAC Secret
  • Share Secret

Cloud

  • kubectl Context
  • Kubeconfig Inspector
  • Cluster Health
  • K8s Secret Coder
  • Cron Parser

Productivity

  • Scratchpad
  • Calendar
Install

Build it, run it, scriptable.

Requires macOS 13+ and Xcode 15 command-line tools. Universal binary out of the box.

App + CLI

# clone, build, install
git clone https://github.com/FournineCS/cloud-tunnels.git
cd cloud-tunnels
make app          # build/CloudTunnels.app
make install      # /Applications
make install-cli  # /usr/local/bin/ctun

Drive it from the shell

ctun list                  # all tunnels
ctun start prod-db         # foreground
ctun start prod-db --detach
ctun status
ctun stop prod-db          # also stops GUI tunnels