Command-line interface for Conjur.
NOTE: Conjur v4 users should use the
v5.x.x release path. Conjur CLI
v6.0.0 only supports Conjur v5 and newer.
A complete reference guide is available at conjur.org.
$ gem install conjur-cli $ conjur -v conjur version 6.0.0
You can start an ephemeral session with the Conjur CLI software like so:
$ docker run --rm -it cyberark/conjur-cli:5 root@b27a95721e7d:~#
Any initialization you do or files you create in that session will be discarded (permanently lost) when you exit the shell. Changes that you make to the Conjur server will remain.
You can also use a folder on your filesystem to persist the data that the Conjur CLI uses to connect. For example:
$ mkdir mydata $ chmod 700 mydata $ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:5 init -u https://eval.conjur.org SHA1 Fingerprint=E6:F7:AC:E3:3A:54:83:4F:D0:06:9B:49:45:C3:85:58:ED:34:4C:4C Please verify this certificate on the appliance using command: openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem Trust this certificate (yes/no): yes Enter your organization account name: email@example.com Wrote certificate to /firstname.lastname@example.org Wrote configuration to /root/.conjurrc $ ls -lA mydata total 16 drwxr-xr-x 2 you staff 68 Mar 29 14:16 .cache -rw-r--r-- 1 you staff 136 Mar 29 14:16 .conjurrc -rw-r--r-- 1 you staff 3444 Mar 29 14:16 email@example.com $ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:5 authn login -u admin Please enter admin's password (it will not be echoed): Logged in $ ls -lA mydata total 24 drwxr-xr-x 2 you staff 68 Mar 29 14:16 .cache -rw-r--r-- 1 you staff 136 Mar 29 14:16 .conjurrc -rw------- 1 you staff 119 Mar 29 14:19 .netrc -rw-r--r-- 1 you staff 3444 Mar 29 14:16 firstname.lastname@example.org
Security notice: the file
.netrc, created or updated by
conjur authn login, contains a user identity credential that can be used to access the Conjur API. You should remove it after use or otherwise secure it like you would another netrc file.
Create a sandbox environment in Docker using the
$ cd dev dev $ ./start.sh
This will drop you into a bash shell in a container called
The sandbox also includes a Postgres container and Conjur server container. The environment is already setup to connect the CLI to the server:
To login to conjur, type the following and you'll be prompted for a password:
root@2b5f618dfdcb:/# conjur authn login admin Please enter admin's password (it will not be echoed):
The required password is the API key at the end of the output from the
start.sh script. It looks like this:
=============== LOGIN WITH THESE CREDENTIALS =============== username: admin api key : 9j113d35wag023rq7tnv201rsym1jg4pev1t1nb4419767ms1cnq00n ============================================================
At this point, you can use any CLI command you like.
To install dev packages, run
bundle from within the container:
root@2b5f618dfdcb:/# cd /usr/src/cli-ruby/ root@2b5f618dfdcb:/usr/src/cli-ruby# bundle
Then you can run the cucumber tests:
root@2b5f618dfdcb:/usr/src/cli-ruby# cucumber ...
- Fork it
- Create your feature branch (
git checkout -b my-new-feature)
- Commit your changes (
git commit -am 'Added some feature')
- Push to the branch (
git push origin my-new-feature)
- Create new Pull Request
Copyright 2016-2017 CyberArk
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this software except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.