{"id":28906795,"url":"https://github.com/hackfixme/paseto-cli","last_synced_at":"2025-10-30T17:31:33.558Z","repository":{"id":299826803,"uuid":"1004195916","full_name":"hackfixme/paseto-cli","owner":"hackfixme","description":"CLI tool for working with PASETO","archived":false,"fork":false,"pushed_at":"2025-06-18T13:28:29.000Z","size":1993,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-18T14:33:28.968Z","etag":null,"topics":["authentication","cli","crossplatform","go","golang","paseto","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hackfixme.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-18T09:03:35.000Z","updated_at":"2025-06-18T13:28:32.000Z","dependencies_parsed_at":"2025-06-18T14:45:19.539Z","dependency_job_id":null,"html_url":"https://github.com/hackfixme/paseto-cli","commit_stats":null,"previous_names":["hackfixme/paseto-cli"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/hackfixme/paseto-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackfixme%2Fpaseto-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackfixme%2Fpaseto-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackfixme%2Fpaseto-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackfixme%2Fpaseto-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hackfixme","download_url":"https://codeload.github.com/hackfixme/paseto-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackfixme%2Fpaseto-cli/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261143159,"owners_count":23115677,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cli","crossplatform","go","golang","paseto","security"],"created_at":"2025-06-21T15:09:54.747Z","updated_at":"2025-10-30T17:31:33.553Z","avatar_url":"https://github.com/hackfixme.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# paseto-cli\n\nThis is a command-line tool for working with [Platform-Agnostic Security Tokens](https://paseto.io/). It is a lightweight wrapper around the [go-paseto library](https://github.com/aidantwoods/go-paseto).\n\n\n## Features\n\n- Create local and public PASETO v2, v3, and v4 keys in hex and PEM encodings.\n- Create signed and encrypted tokens with custom claims.\n- Parse and validate tokens, with optional time skew tolerance.\n- User-friendly command-line interface.\n- Cross-platform: runs on Linux, macOS and Windows.\n\n\n## Installation\n\nYou can install it in one of two ways:\n\n- Download a pre-built package for your system from the latest release on the [releases page](https://github.com/hackfixme/paseto-cli/releases), and extract the `paseto` binary to a directory on your `$PATH`.\n\n- Build a binary for your system yourself.\n\n  First, ensure you have [Git](https://github.com/git-guides/install-git) and [Go](https://golang.org/doc/install) installed. Go must be version 1.24 or later.\n\n  Then in a terminal run:\n\n  ```sh\n  go install go.hackfix.me/paseto-cli/cmd/paseto@latest\n  ```\n\n\n## Usage\n\n### Key generation\n\nThe `genkey` command creates new keys.\n\nArguments:\n-  `\u003cprotocol-purpose\u003e`: PASETO protocol purpose; \"local\" for shared-key (symmetric) encryption or \"public\" for public-key (asymmetric) signing.\n\nFlags:\n- `-v`, `--protocol-version=\"4\"`: Version of the PASETO protocol. Valid values: 2,3,4\n- `-o`, `--out-file=STRING`: Base file path to write the key(s) to; stdout will be used if not specified.\n- `-e`, `--encoding=\"hex\"`: Encoding type. Valid values: hex,pem\n\n\nExamples:\n- Create a v4 public key pair and output them to stdout in hexadecimal format:\n  ```sh\n  $ paseto genkey public\n  Private key: c771ec8b6edd17878e7e9c5bdc5c482f0710400b3b5de44051a41c8b72ceba059c2efd9df74f3d48e0814d102726b042923280a73b6272d6bae7ed9f694ec332\n  Public key: 9c2efd9df74f3d48e0814d102726b042923280a73b6272d6bae7ed9f694ec332\n  ```\n\n- Create a v4 public key pair and save them to `v4-priv.key` and `v4-pub.key` files in hexadecimal encoding:\n  ```sh\n  $ paseto genkey public --out-file v4\n  ```\n\n- Create a v3 symmetric key and save it to a `v3-sym.key` file in PEM format:\n  ```sh\n  $ paseto genkey local --protocol-version 3 --out-file v3 --encoding pem\n  ```\n\n\n### Creating signed tokens\n\nThe `sign` command creates signed tokens using a private key file created by the `genkey public` command.\n\nFlags:\n- `-v`, `--protocol-version=\"4\"`: Version of the PASETO protocol. Valid values: 2,3,4\n- `-k`, `--key-file=STRING`: Path to a private key file to sign the token.\n- `-e`, `--expiration=1h`: Token expiration as a duration from now (e.g. 5m, 1h, 3d, 1M3d, 1Y) or a future timestamp in RFC 3339 format (e.g. 2025-06-18T00:00:00Z).\n- `-c`, `--claim=CLAIM`: key=value pair to add to the token (e.g. role=admin), or '-' to read claims as JSON from stdin. Can be specified multiple times.\n\nExamples:\n- Create a signed v4 token which expires one hour from now:\n  ```sh\n  $ paseto sign --key-file v4-priv.key\n  v4.public.eyJleHAiOiIyMDI1LTA2LTE3VDEzOjAwOjAwWiIsImlhdCI6IjIwMjUtMDYtMTdUMTI6MDA6MDBaIiwibmJmIjoiMjAyNS0wNi0xN1QxMjowMDowMFoifXMMUWTRJKhb0l5upxXaGVS0ZjZEVfgjO22K74N89MuOrWzTAsHvOSXVBXbV7_7kp0KwBIrhCrBZYwVu5iSaQAc\n  ```\n\n- Create a signed v4 token with custom claims which expires one week from now:\n  ```sh\n  $ paseto sign --key-file v4-priv.key --claim role=admin --expiration=1w\n  v4.public.eyJleHAiOiIyMDI1LTA2LTI0VDEyOjAwOjAwWiIsImlhdCI6IjIwMjUtMDYtMTdUMTI6MDA6MDBaIiwibmJmIjoiMjAyNS0wNi0xN1QxMjowMDowMFoiLCJyb2xlIjoiYWRtaW4ifQgLXjFzQ-Plrr7DDgOCuuZNxur7KSkaiYCYhoEn-4uY1pc3qIqwKq1CF4CBwqHmplNuzP9RZvZR-n9sZmzGOQM\n  ```\n\n- Create a signed v3 token with custom claims from JSON which expires in October 2025:\n  ```sh\n  $ echo '{\"exp\":\"2025-10-01T10:00:00Z\",\"iat\":\"2025-06-17T12:00:00Z\",\"nbf\":\"2025-06-17T12:00:00Z\",\"role\":\"admin\",\"priority\":1}' \\\n    | paseto sign --protocol-version 3 --key-file v3-priv.key --claim - --claim sub=Bob\n  v3.public.eyJleHAiOiIyMDI1LTEwLTAxVDEwOjAwOjAwWiIsImlhdCI6IjIwMjUtMDYtMTdUMTI6MDA6MDBaIiwibmJmIjoiMjAyNS0wNi0xN1QxMjowMDowMFoiLCJwcmlvcml0eSI6MSwicm9sZSI6ImFkbWluIiwic3ViIjoiQm9iIn2q6KeNntB3mMmHqUnlpXmuPgcK_nQ4owJ7m4AC7q3HAwcMIdY0myT4HpTyDQusGxHJGwYaZEVhXeJ857tw2cDz8Y2kDqMjd4VDyPGvEMU8XCtk2CW2VBySnZ2CzNVWVSk\n  ```\n\n\n### Creating encrypted tokens\n\nThe `encrypt` command creates encrypted tokens using a symmetric key file created by the `genkey local` command. The usage is the same as the `sign` command.\n\nFlags:\n- `-v`, `--protocol-version=\"4\"`: Version of the PASETO protocol. Valid values: 2,3,4\n- `-k`, `--key-file=STRING`: Path to a symmetric key file to encrypt the token.\n- `-e`, `--expiration=1h`: Token expiration as a duration from now (e.g. 5m, 1h, 3d, 1M3d, 1Y) or a future timestamp in RFC 3339 format (e.g. 2025-06-18T00:00:00Z).\n- `-c`, `--claim=CLAIM`: key=value pair to add to the token (e.g. role=admin), or '-' to read claims as JSON from stdin. Can be specified multiple times.\n\nExamples:\n- Create an encrypted v3 token which expires three days from now:\n  ```sh\n  $ paseto encrypt --protocol-version 3 --key-file v3-sym.key --expiration 3d\n  v3.local.DJnSz6coQrj4eNIS0JyUju-Txmz5s96RysB72gW8GDCudMWerQq5yzkg5g0bi081VwpE6_5CkNNruY_276kh-kA79yqpvnjyQ8ZAZw_sfcD7y8rVJFdFAa1KWF5kEiJcq6B45ZPYzPIHrg7FF_xALgeWI_IMPetgJQj7Pzy_1lnT1Ipr5C1D-BFk6M4uov9pTeX_B3GgdzJGZfFV1mxOSc8FPlKvuqnP\n  ```\n\n\n### Parsing tokens\n\nThe `parse` command parses, verifies or decrypts tokens, optionally validates them, and writes their claim data to stdout. Validation is enabled by default, but it can be disabled by passing `--no-validate`.\n\nArguments:\n- `\u003ctoken\u003e`: the token\n\nFlags:\n- `-k`, `--key-file=STRING`: Path to a key file to verify or decrypt the token (public key for signed tokens, shared key for encrypted tokens).\n- `-o`, `--output-format=\"text\"`: Token output format. Valid values: text,json\n- `--[no-]validate`: Whether to validate the token.\n- `-t`, `--time-skew-tolerance=30s`: Amount of time to allow token claim times (iat, nbf, exp) to be from the current system time to account for clock skew between systems.\n\nExamples:\n- Parse, verify, and validate a signed v4 token:\n  ```sh\n  $ paseto parse --key-file v4-pub.key \\\n      v4.public.eyJleHAiOiIyMDI1LTA2LTI0VDEyOjAwOjAwWiIsImlhdCI6IjIwMjUtMDYtMTdUMTI6MDA6MDBaIiwibmJmIjoiMjAyNS0wNi0xN1QxMjowMDowMFoiLCJyb2xlIjoiYWRtaW4ifQgLXjFzQ-Plrr7DDgOCuuZNxur7KSkaiYCYhoEn-4uY1pc3qIqwKq1CF4CBwqHmplNuzP9RZvZR-n9sZmzGOQM\n  Issued At:   2025-06-17 12:00:00 +0000 UTC\n  Not Before:  2025-06-17 12:00:00 +0000 UTC\n  Expiration:  2025-06-24 12:00:00 +0000 UTC\n  \n  Custom Claims\n  -------------\n  role:  admin\n  ```\n\n- Parse, decrypt, and validate an encrypted v3 token, and output its claim data in JSON format:\n  ```sh\n  $ paseto parse --key-file v3-sym.key --output-format json \\\n      v3.local.DJnSz6coQrj4eNIS0JyUju-Txmz5s96RysB72gW8GDCudMWerQq5yzkg5g0bi081VwpE6_5CkNNruY_276kh-kA79yqpvnjyQ8ZAZw_sfcD7y8rVJFdFAa1KWF5kEiJcq6B45ZPYzPIHrg7FF_xALgeWI_IMPetgJQj7Pzy_1lnT1Ipr5C1D-BFk6M4uov9pTeX_B3GgdzJGZfFV1mxOSc8FPlKvuqnP\n  {\n    \"exp\": \"2025-06-20T12:00:00Z\",\n    \"iat\": \"2025-06-17T12:00:00Z\",\n    \"nbf\": \"2025-06-17T12:00:00Z\"\n  }\n  ```\n\n\n## License\n\n[MIT](/LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackfixme%2Fpaseto-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackfixme%2Fpaseto-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackfixme%2Fpaseto-cli/lists"}