I put together a cheat sheet for the Conjur Command Line Interface a while back and figured I’d post it here, so other people can reference it as well.
Synopsis:
conjur [global options] command [command options] [arguments...]
Global Options:
--help
- Show commands
--version
- Display the program version
Commands
authn - Login and logout
Synopsis:
conjur [global options] authn authenticate [-H | --header] [-f filename | --filename filename]
conjur [global options] authn login [-p password|--password password] [-u username|--username username] login-name
conjur [global options] authn logout
conjur [global options] authn whoami
Sub-Commands:
authenticate - Obtains an authentication token using the current logged-in user
login - Logs in and caches credentials to netrc.
logout - Logs out
whoami - Prints out the current logged in username
check - Check a user's privilege on a resource
Synopsis:
conjur check [object] [privilege] [user]
Privileges:
read, write, execute
env - Use values of Conjur variables in local context
Synopsis:
conjur [global options] env check [--policy arg] [--yaml arg] [-c FILE]
conjur [global options] env help
conjur [global options] env run [--policy arg] [--yaml arg] [-c FILE] -- command [arg1, arg2 ...]
conjur [global options] env template [--policy arg] [--yaml arg] [-c FILE] template.erb
Sub-Commands:
check - Check availability of Conjur variables
help - Print description of environment configuration format
run - Execute external command with environment variables populated
from Conjur
template - Render ERB template with variables obtained from Conjur
help - Shows the help menu
this
host - Manage hosts
Synopsis:
conjur [global options] host layers HOST
conjur [global options] host rotate_api_key [--host arg|-h arg]
Sub-Commands:
hosts - Operations on hosts
tokens - Operations on tokens
hostfactory - Manage host factories
Sysnopsis:
conjur [global options] hostfactory hosts
conjur [global options] hostfactory tokens
Sub-Commands:
hosts - Operations on hosts
tokens - Operations on tokens
init - Initialize the Conjur configuration
Synopsis:
conjur [global options] init [-u URL of Conjur service] [-a account name]
ldap-sync - LDAP sync management commands
Synopsis:
conjur [global options] ldap-sync policy
Sub-Commands:
policy - Manage the policy used to sync Conjur and the LDAP server
list - Lists Conjur objects
Synopsis:
conjur list
plugin - Manage plugins
Synopsis:
conjur [global options] plugin install [-v version|--version version] PLUGIN
conjur [global options] plugin list
conjur [global options] plugin show PLUGIN
conjur [global options] plugin uninstall PLUGIN
Sub-Commands:
install - Install a plugin
list - List installed plugins
show - Show a plugin’s details
uninstall - Uninstall a plugin
policy - Manage policies
Synopsis:
conjur [global options] policy load [--delete] [--replace] POLICY FILENAME
Sub-Commands:
load - Load a policy
–delete – deletes a policy
–replace – replaces a policy
pubkeys - Public keys service operations
Synopsis:
conjur [global options] pubkeys [USER]
resource - Manage resources
Synopsis:
conjur [global options] resource exists RESOURCE
conjur [global options] resource permitted_roles RESOURCE PRIVILEGE
Sub-Commands:
exists - Determines whether a resource exists
permitted_roles - List roles with a specified privilege on the resource
roles - Manage roles
Synopsis:
conjur [global options] role exists [--json] ROLE
conjur [global options] role members [-V|--verbose] ROLE
conjur [global options] role memberships [-s|--system] ROLE
Sub-Commands:
exists - Determines whether a role exists
members - Lists all direct members of the role. The membership list is not recursively expanded.
memberships - Lists role memberships. The role membership list is recursively expanded.
show - Show an object
Synopsis:
conjur show [object]
user - Manage users
Synopsis:
conjur [global options] user rotate_api_key [--user arg|-u arg]
conjur [global options] user update_password [-p arg|--password arg]
Sub-Commands:
rotate_api_key - Rotate a user’s API key
update_password - Update the password of the logged-in user
variable - Manage variables
Synopsis:
conjur [global options] variable value [-v arg|--version arg] VARIABLE
conjur [global options] variable values
Sub-Commands
value - Get a value
values - Access variable values