{"id":28122674,"url":"https://github.com/eclipse-biscuit/biscuit-cli","last_synced_at":"2025-05-14T08:14:23.577Z","repository":{"id":41816116,"uuid":"387030338","full_name":"eclipse-biscuit/biscuit-cli","owner":"eclipse-biscuit","description":"CLI to generate and inspect biscuit tokens","archived":false,"fork":false,"pushed_at":"2025-04-09T14:49:06.000Z","size":220,"stargazers_count":17,"open_issues_count":3,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-29T01:50:44.601Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eclipse-biscuit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-17T20:20:30.000Z","updated_at":"2025-04-09T14:49:08.000Z","dependencies_parsed_at":"2024-03-30T23:23:48.619Z","dependency_job_id":"2bbdb0d6-4f88-4f26-bd64-05e631aeb641","html_url":"https://github.com/eclipse-biscuit/biscuit-cli","commit_stats":{"total_commits":48,"total_committers":5,"mean_commits":9.6,"dds":0.125,"last_synced_commit":"62745bd805f79dfc6df42d956d8a2ffebf782d02"},"previous_names":["eclipse-biscuit/biscuit-cli","biscuit-auth/biscuit-cli"],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eclipse-biscuit%2Fbiscuit-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eclipse-biscuit%2Fbiscuit-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eclipse-biscuit%2Fbiscuit-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eclipse-biscuit%2Fbiscuit-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eclipse-biscuit","download_url":"https://codeload.github.com/eclipse-biscuit/biscuit-cli/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254101542,"owners_count":22014909,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-14T08:14:21.399Z","updated_at":"2025-05-14T08:14:23.572Z","avatar_url":"https://github.com/eclipse-biscuit.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Biscuit CLI\n\nThis package provides a Command Line Interface allowing to manipulate [biscuit](https://github.com/biscuit-auth/biscuit) tokens.\n\n## Installation\n\nYou can install [biscuit-cli](https://crates.io/crates/biscuit-cli) with Cargo:\n\n```sh\ncargo install biscuit-cli\n```\n\n### From source\n\n```sh\ngit clone https://github.com/biscuit-auth/biscuit-cli.git\ncd biscuit-cli\ncargo install --path .\n```\n\n## Use\n\nThe executable carries contextual help, you can run `biscuit help` to list available commands, and `biscuit help \u003ccommand\u003e` to get help about a specific command.\n\nAll the commands support reading keys, datalog and tokens from various sources, such as files, options, or stdin.\n\nAll the commands can be used in a script, and the commands where you can provide datalog (`generate`, `inspect` and `attenuate`) can also be used in an interactive way,\nwhere a text editor (`$EDITOR`) is started to let you input a datalog program from within a comfortable environment.\n\nBy default keys and biscuits are read and written as hex-encoded and base64-encoded strings, but the CLI supports working with raw bytes directly with dedicated flags.\n\n**Just make sure you don't leak sensitive information like private keys in your shell history**\n\nHere are a list of common use-cases:\n\n### Generate a key pair\n\n```sh\n$ # this will output the keypair, you can then copy/paste the components\n$ biscuit keypair\n\u003e Generating a new random keypair\n\u003e Private key: ed25519/d1e3ebc3f522cc2f7bb40c2377830d834c41ebeb0aa54d881a75059704dfa6cb\n\u003e Public key: ed25519/80c596ea5a6ade1a2f8e7bf96359732d9274789d8e85c0a0a62adbff16f4b289\n\n$ # this will save the private key to a file so you can use it later\n$ biscuit keypair --only-private-key \u003e private-key-file\n```\n\n### Generate a public key from a private key\n\n```sh\n$ biscuit keypair --from-file private-key-file --only-public-key\n\u003e ed25519/2341bc530d8f074100734a41cc05cc82e4e2564eff61b0408f8e37a08f384767\n```\n\n### Create a biscuit token\n\n```sh\n$ # this will open your text editor and let you type in the authority block as datalog\n$ biscuit generate --private-key-file private-key-file\n\u003e En0KEwoFZmlsZTEYAiIICgYIBBICGAcSJAgAEiB-So8adTv5YLBK49I8MrK1JdrYLrFSiFqUkRkVsco9MhpAJzlkr2xHM4JSlFmph7c9UEJPqw_BCscMgkIasAjnXZT5BHpA58M1uo_4KUDbPZSJVtbF93P43X41W7aofjZXAiIiCiCScR0e_rBUa7VjxnKW4PT52ZjC3peMCrWOi1T0jgR0fw==\n\n$ # this will generate the token directly\n$ echo 'right(\"file1\");' | biscuit generate --private-key-file private-key-file -\n$ En0KEwoFZmlsZTEYAiIICgYIBBICGAcSJAgAEiDg91H1_yfDSMrLnfXLowUZsKJDfrC-1XVSPkbikXYy7BpAacFHci_m8X3PffAgeEXVgF3RvwzhE434KWLNpbDYLE1_IOIwsSjRVqFC4fy-NuY9CEqetJ8fHUfo0I7Qs05TDSIiCiDHkAX0s3RgH_wMYDKlE09S2YZM-1cLmFgl5Nh3gvU0bg==\n```\n\n### Inspect a biscuit token\n\nBy default, `biscuit` inspect only prints out the biscuit contents (datalog blocks, and revocation ids).\n\n```sh\n$ # this will inspect the token stored in the given file\n$ biscuit inspect biscuit-file\n\u003e Authority block:\n\u003e == Datalog v3.0 ==\n\u003e right(\"file1\");\n\u003e \n\u003e == Revocation id ==\n\u003e 526c78ffa3819cb71bcade69d6d78f80ad1209f21d2c3326857c66ca8fc19c63a4283929b690ae40ca8474594631caee464b0367b781d3cc1139343c13900509\n\u003e \n\u003e ==========\n\u003e \n\u003e πŸ™ˆ Public key check skipped πŸ”‘\n\u003e πŸ™ˆ Datalog check skipped πŸ›‘οΈ\n```\n\nA public key can be provided to verify the biscuit signatures\n\n```sh\n$ # this will make sure the biscuit has been signed with the expected key pair\n$ biscuit inspect --public-key-file public-key-file biscuit-file\n\u003e Authority block:\n\u003e == Datalog v3.0 ==\n\u003e right(\"file1\");\n\u003e \n\u003e == Revocation id ==\n\u003e 526c78ffa3819cb71bcade69d6d78f80ad1209f21d2c3326857c66ca8fc19c63a4283929b690ae40ca8474594631caee464b0367b781d3cc1139343c13900509\n\u003e \n\u003e ==========\n\u003e \n\u003e βœ… Public key check succeeded πŸ”‘\n\u003e πŸ™ˆ Datalog check skipped πŸ›‘οΈ\n```\n\nAn authorizer can be provided to check if the biscuit would be allowed in a given context (the command exits with a success code only if the signatures are verified and if the authorization suceeded).\n\nIf you want to use your text editor to type in the authorizer, you can use `--authorize-interactive` instead.\n\n```sh\n$ biscuit inspect --public-key-file public-key-file \\\n --authorize-with 'allow if right(\"file1\");' \\\n biscuit-file\n\u003e Authority block:\n\u003e == Datalog v3.0 ==\n\u003e right(\"file1\");\n\u003e \n\u003e == Revocation id ==\n\u003e 526c78ffa3819cb71bcade69d6d78f80ad1209f21d2c3326857c66ca8fc19c63a4283929b690ae40ca8474594631caee464b0367b781d3cc1139343c13900509\n\u003e \n\u003e ==========\n\u003e \n\u003e βœ… Public key check succeeded πŸ”‘\n\u003e βœ… Authorizer check succeeded πŸ›‘οΈ\n\u003e Matched allow policy: allow if right(\"file1\")\n```\n\n### Attenuating a biscuit token\n\n```sh\n# this will create a new biscuit token with the provided block appended\n$ biscuit attenuate biscuit-file --block 'check if client_ip_address(\"127.0.0.1);'\n\u003e En0KEwoFZmlsZTEYAiIICgYIBBICGAcSJAgAEiBrhbrvPUXH9RPOzIwnLVyRWwcK64JQ97kBvz1hLJfjfBpAUmx4_6OBnLcbyt5p1tePgK0SCfIdLDMmhXxmyo_BnGOkKDkptpCuQMqEdFlGMcruRksDZ7eB08wROTQ8E5AFCRqhAQo3CgVxdWVyeQoRY2xpZW50X2lwX2FkZHJlc3MKCTEyNy4wLjAuMRgCMg4KDAoCCAgSBggJEgIYChIkCAASIL6EGw7TZQ-8sRa0RT1U0cW8mjN_GzoW0jwX_67I0zPCGkDL5ho8NPsZwskzJ86e31qR29grjcEQormtv7I3YoQy_I2aoZGNtlviX72FuBT85KlVxJtjOiLxCIOvJj4MVN0KIiIKIM6btYoZ-ONE2gKEJ2raR8Bck7SMBAUf2sK7Z8I7uM_D\n```\n\n## Contribute\n\n```sh\ngit clone https://github.com/biscuit-auth/biscuit-cli.git\ncd biscuit-cli\ncargo run\ncargo test\n# CI ensures consistent formatting\ncargo fmt --check\n# CI ensures that there are no outstanding clippy hints\ncargo clippy\n```\n## Copyright - Licensing\n\nCopyright 2021 ClΓ©ment Delafargue\nLicensed under `BSD-3-Clause`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feclipse-biscuit%2Fbiscuit-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feclipse-biscuit%2Fbiscuit-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feclipse-biscuit%2Fbiscuit-cli/lists"}