Opal allows you to centrally manage access to all of your sensitive systems.
$ npm install -g opal-security
$ opal COMMAND
running command...
$ opal (--version)
opal-security/3.1.3 linux-x64 node-v20.19.0
$ opal --help [COMMAND]
USAGE
$ opal COMMAND
...opal autocomplete [SHELL]opal aws identityopal clear-auth-provideropal curl-exampleopal groups getopal help [COMMANDS]opal iam-roles startopal kube-roles startopal loginopal logoutopal postgres-instances startopal resources getopal set-auth-provideropal set-custom-headeropal set-tokenopal set-url [URL]opal ssh copyFromopal ssh copyToopal ssh startopal version
display autocomplete installation instructions
USAGE
$ opal autocomplete [SHELL] [-r]
ARGUMENTS
SHELL shell type
FLAGS
-r, --refresh-cache Refresh cache (ignores displaying instructions)
DESCRIPTION
display autocomplete installation instructions
EXAMPLES
$ opal autocomplete
$ opal autocomplete bash
$ opal autocomplete zsh
$ opal autocomplete --refresh-cache
See code: @oclif/plugin-autocomplete
Gets the current caller identity for the "opal" AWS profile.
USAGE
$ opal aws identity [-h]
FLAGS
-h, --help Show CLI help.
DESCRIPTION
Gets the current caller identity for the "opal" AWS profile.
EXAMPLES
$ opal aws:identity
See code: src/commands/aws/identity.ts
Clears the custom Issuer URL and Client ID set by set-airgap-auth, returning to the default.
USAGE
$ opal clear-auth-provider [-h]
FLAGS
-h, --help Show CLI help.
DESCRIPTION
Clears the custom Issuer URL and Client ID set by set-airgap-auth, returning to the default.
EXAMPLES
$ opal clear-auth-provider
See code: src/commands/clear-auth-provider.ts
Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
USAGE
$ opal curl-example [-h]
FLAGS
-h, --help Show CLI help.
DESCRIPTION
Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
See code: src/commands/curl-example.ts
Get group info for a particular group.
USAGE
$ opal groups get [-h] [-i <value>]
FLAGS
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
DESCRIPTION
Get group info for a particular group.
EXAMPLES
$ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
See code: src/commands/groups/get.ts
Display help for opal.
USAGE
$ opal help [COMMANDS...] [-n]
ARGUMENTS
COMMANDS... Command to show help for.
FLAGS
-n, --nested-commands Include all nested commands in the output.
DESCRIPTION
Display help for opal.
See code: @oclif/plugin-help
Starts a session to assume an IAM role.
USAGE
$ opal iam-roles start [-h] [-i <value>] [-s <value>] [-r] [--profileName <value>]
FLAGS
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g.
https://opal.dev/resources/[ID]
-r, --refresh Starts a new session even if one already exists. Useful if a session is about to expire.
-s, --sessionId=<value> The Opal ID of the session to connect to. Uses an existing session that was created via the
web flow.
--profileName=<value> Uses a custom AWS profile name for the IAM role. Default value is the role's name.
DESCRIPTION
Starts a session to assume an IAM role.
EXAMPLES
$ opal iam-roles:start
$ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398
$ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
See code: src/commands/iam-roles/start.ts
Starts a session to assume a Kubernetes cluster IAM role.
USAGE
$ opal kube-roles start [-h] [-i <value>] [-a <value>] [-s <value>] [-r]
FLAGS
-a, --accessLevelRemoteId=<value> The remote ID of the access level with which to access the resource.
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g.
https://opal.dev/resources/[ID]
-r, --refresh Starts a new session even if one already exists. Useful if a session is about to
expire.
-s, --sessionId=<value> The Opal ID of the session to connect to. Uses an existing session that was created
via the web flow.
DESCRIPTION
Starts a session to assume a Kubernetes cluster IAM role.
EXAMPLES
$ opal kube-roles:start
$ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398
$ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
See code: src/commands/kube-roles/start.ts
Authenticates you with the Opal server.
USAGE
$ opal login [-h] [--email <value>]
FLAGS
-h, --help Show CLI help.
--email=<value> Email address to login with.
DESCRIPTION
Authenticates you with the Opal server.
EXAMPLES
$ opal login
See code: src/commands/login.ts
Clears locally stored Opal server authentication credentials.
USAGE
$ opal logout [-h]
FLAGS
-h, --help Show CLI help.
DESCRIPTION
Clears locally stored Opal server authentication credentials.
EXAMPLES
$ opal logout
See code: src/commands/logout.ts
Starts a session to connect to a Postgres database.
USAGE
$ opal postgres-instances start [-h] [-i <value>] [-a <value>] [-s <value>] [-r] [--action psql|view]
FLAGS
-a, --accessLevelRemoteId=<value> The remote ID of the access level with which to access the resource.
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g.
https://opal.dev/resources/[ID]
-r, --refresh Starts a new session even if one already exists. Useful if a session is about to
expire.
-s, --sessionId=<value> The Opal ID of the session to connect to. Uses an existing session that was created
via the web flow.
--action=<option> Method of connecting to the database.
- psql: Start psql session in shell
- view: View connection configuration details
<options: psql|view>
DESCRIPTION
Starts a session to connect to a Postgres database.
EXAMPLES
$ opal postgres-instances:start
$ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398
$ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess
$ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
See code: src/commands/postgres-instances/start.ts
Get resource info for a particular resource.
USAGE
$ opal resources get [-h] [-i <value>]
FLAGS
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
DESCRIPTION
Get resource info for a particular resource.
EXAMPLES
$ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
See code: src/commands/resources/get.ts
Sets the Issuer URL and Client ID of the Auth Provider that the CLI will authenticate with.
USAGE
$ opal set-auth-provider --clientID <value> --issuerUrl <value> [-h]
FLAGS
-h, --help Show CLI help.
--clientID=<value> (required) Client ID of your Auth Provider
--issuerUrl=<value> (required) Issuer URL of your Auth Provider
DESCRIPTION
Sets the Issuer URL and Client ID of the Auth Provider that the CLI will authenticate with.
Only use this if you are running a self-hosted, air-gapped instance of Opal that uses a custom Auth Provider.
Note - you will need an OIDC provider that supports the device_code grant.
EXAMPLES
$ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
See code: src/commands/set-auth-provider.ts
Sets a custom HTTP header to connect to the Opal server.
USAGE
$ opal set-custom-header [-h] [--header <value>]
FLAGS
-h, --help Show CLI help.
--header=<value>
DESCRIPTION
Sets a custom HTTP header to connect to the Opal server.
EXAMPLES
$ opal set-custom-header --header 'cf-access-token: $TOKEN'
See code: src/commands/set-custom-header.ts
Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.
USAGE
$ opal set-token [-h]
FLAGS
-h, --help Show CLI help.
DESCRIPTION
Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.
EXAMPLES
$ opal set-token
See code: src/commands/set-token.ts
Sets the url of the Opal server. Defaults to https://app.opal.dev.
USAGE
$ opal set-url [URL] [-h] [--allowSelfSignedCerts]
ARGUMENTS
URL URL of the Opal server to use. If unspecified, defaults to https://app.opal.dev
FLAGS
-h, --help Show CLI help.
--allowSelfSignedCerts
DESCRIPTION
Sets the url of the Opal server. Defaults to https://app.opal.dev.
EXAMPLES
$ opal set-url
See code: src/commands/set-url.ts
Use SCP to copy files from a compute instance.
USAGE
$ opal ssh copyFrom --src <value> [-h] [--dest <value>] [--user <value>] [-i <value>] [-s <value>]
FLAGS
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g.
https://opal.dev/resources/[ID]
-s, --sessionId=<value> The Opal ID of the session to connect to. Uses an existing session that was created via the
web flow.
--dest=<value> [default: .] The directory you want your files to be copied to.
--src=<value> (required) The directory or file you would like to copy over SCP. Note we only support one
file or directory at a time.
--user=<value> [default: ssm-user] The user you want to run SCP over. Keep in mind not all users will have
access to each other's home directory.
DESCRIPTION
Use SCP to copy files from a compute instance.
EXAMPLES
$ opal ssh:copyFrom --src instance/dir --dest my/dir
$ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
See code: src/commands/ssh/copyFrom.ts
Use SCP to copy files to a compute instance.
USAGE
$ opal ssh copyTo --src <value> [-h] [--dest <value>] [--user <value>] [-i <value>] [-s <value>]
FLAGS
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g.
https://opal.dev/resources/[ID]
-s, --sessionId=<value> The Opal ID of the session to connect to. Uses an existing session that was created via the
web flow.
--dest=<value> [default: .] The directory you want your files to be copied to.
--src=<value> (required) The directory or file you would like to copy over SCP. Note we only support one
file or directory at a time.
--user=<value> [default: ssm-user] The user you want to run SCP over. Keep in mind not all users will have
access to each other's home directory.
DESCRIPTION
Use SCP to copy files to a compute instance.
EXAMPLES
$ opal ssh:copyTo --src my/dir --dest instance/dir
$ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
See code: src/commands/ssh/copyTo.ts
Starts an SSH session to access a compute instance.
USAGE
$ opal ssh start [-h] [-i <value>] [-s <value>] [-r]
FLAGS
-h, --help Show CLI help.
-i, --id=<value> The Opal ID of the resource. You can find this from the URL, e.g.
https://opal.dev/resources/[ID]
-r, --refresh Starts a new session even if one already exists. Useful if a session is about to expire.
-s, --sessionId=<value> The Opal ID of the session to connect to. Uses an existing session that was created via the
web flow.
DESCRIPTION
Starts an SSH session to access a compute instance.
EXAMPLES
$ opal ssh:start
$ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
See code: src/commands/ssh/start.ts
USAGE
$ opal version [--json] [--verbose]
FLAGS
--verbose Show additional information about the CLI.
GLOBAL FLAGS
--json Format output as json.
FLAG DESCRIPTIONS
--verbose Show additional information about the CLI.
Additionally shows the architecture, node version, operating system, and versions of plugins that the CLI is using.
See code: @oclif/plugin-version