{"id":17215664,"url":"https://github.com/infamousjoeg/cybr-cli","last_synced_at":"2025-04-07T11:09:30.244Z","repository":{"id":37362053,"uuid":"284538067","full_name":"infamousjoeg/cybr-cli","owner":"infamousjoeg","description":"A \"Swiss Army Knife\" command-line interface (CLI) for easy human and non-human interaction with @CyberArk suite of products.","archived":false,"fork":false,"pushed_at":"2024-12-11T23:33:42.000Z","size":493886,"stargazers_count":73,"open_issues_count":19,"forks_count":15,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-03-31T09:06:14.304Z","etag":null,"topics":["cli","client-library","command-line","command-line-interface","command-line-tool","conjur","cyberark","cyberark-identity","cyberark-pas","go","golang","iam","identity-security","pas-api","privileged-access-security","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infamousjoeg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"infamousjoeg"}},"created_at":"2020-08-02T20:41:16.000Z","updated_at":"2024-11-20T14:12:39.000Z","dependencies_parsed_at":"2023-02-18T09:15:59.095Z","dependency_job_id":"4b7008c3-2b91-42fa-9aa9-5a7a237f8483","html_url":"https://github.com/infamousjoeg/cybr-cli","commit_stats":{"total_commits":133,"total_committers":6,"mean_commits":"22.166666666666668","dds":"0.48120300751879697","last_synced_commit":"79a40d6896328378ca9ba1e544e10b3d7881fe3e"},"previous_names":["infamousjoeg/pas-api-go"],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fcybr-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fcybr-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fcybr-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fcybr-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infamousjoeg","download_url":"https://codeload.github.com/infamousjoeg/cybr-cli/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247640465,"owners_count":20971557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","client-library","command-line","command-line-interface","command-line-tool","conjur","cyberark","cyberark-identity","cyberark-pas","go","golang","iam","identity-security","pas-api","privileged-access-security","security"],"created_at":"2024-10-15T03:25:14.740Z","updated_at":"2025-04-07T11:09:30.220Z","avatar_url":"https://github.com/infamousjoeg.png","language":"Go","funding_links":["https://github.com/sponsors/infamousjoeg","https://www.buymeacoffee.com/infamousjoeg"],"categories":[],"sub_categories":[],"readme":"# cybr-cli \u003c!-- omit in toc --\u003e\n\n![image](https://github.com/infamousjoeg/cybr-cli/assets/1924063/ff018174-2880-46f1-bd24-3262d1276b41)\n\nA \"Swiss Army Knife\" command-line interface (CLI) for easy human and non-human interaction with CyberArk's suite of products.\n\nCurrent products supported:\n* CyberArk Identity Security Platform Shared Services (ISPSS)\n* CyberArk Privilege Cloud SaaS\n* CyberArk Self-Hosted Privileged Access Manager (PAM)\n* CyberArk Secrets Manager Central Credential Provider (CCP)\n* CyberArk Conjur Secrets Manager Enterprise \u0026 [Open Source](https://conjur.org)\n* CyberArk Cloud Entitlements Manager ([Free trial](https://www.cyberark.com/try-buy/cloud-entitlements-manager/))\n\n**Want to get dangerous quickly?** Check out the example bash script at [dev/add-delete-pas-application.sh](dev/add-delete-pas-application.sh).\n\n[![cybr-cli CI](https://github.com/infamousjoeg/cybr-cli/workflows/cybr-cli%20CI/badge.svg)](https://github.com/infamousjoeg/cybr-cli/actions?query=workflow%3A%22cybr-cli+CI%22) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=infamousjoeg_pas-api-go\u0026metric=alert_status)](https://github.com/infamousjoeg/cybr-cli/actions?query=workflow%3ALint) [![CodeQL](https://github.com/infamousjoeg/cybr-cli/workflows/CodeQL/badge.svg)](https://github.com/infamousjoeg/cybr-cli/actions?query=workflow%3ACodeQL) [![](https://img.shields.io/github/downloads/infamousjoeg/cybr-cli/latest/total?color=blue\u0026label=Download%20Latest%20Release\u0026logo=github)](https://github.com/infamousjoeg/cybr-cli/releases/latest)\n\n## Table of Contents \u003c!-- omit in toc --\u003e\n\n- [Install](#install)\n\t- [MacOS](#macos)\n\t- [Windows](#windows)\n        - [Linux](#linux)\n\t- [AWS CloudShell](#aws-cloudshell)\n\t- [Install from Source](#install-from-source)\n- [Usage](#usage)\n\t- [Authenticating with authn-iam (AWS IAM Role Authentication)](#authenticating-with-authn-iam-aws-iam-role-authentication)\n\t- [Authenticating to Privilege Cloud via ISPSS (Identity)](#authenticating-to-privilege-cloud-via-ispss-identity)\n\t\t- [Password Authentication](#password-authentication)\n\t\t- [MFA Authentication](#mfa-authentication)\n\t- [Documentation](#documentation)\n- [Autocomplete](#autocomplete)\n- [Example Source Code](#example-source-code)\n\t- [Logon to the PAS REST API Web Service](#logon-to-the-pas-rest-api-web-service)\n- [Security](#security)\n\t- [`cybr safes add-member --role` Role Permissions](#cybr-safes-add-member---role-role-permissions)\n- [Testing](#testing)\n- [Maintainers](#maintainers)\n- [Contributions](#contributions)\n- [License](#license)\n\n## Install\n\n### MacOS\n\n```shell\n$ brew tap infamousjoeg/tap\n$ brew install cybr-cli\n```\n\n### Windows\n\n```shell\n$ winget install InfamousJoeG.cybr-cli\n```\n\n### Linux\n\nDownload from the [Releases](https://github.com/infamousjoeg/cybr-cli/releases) page.\n\n\n### AWS CloudShell\n\n```shell\nmkdir -p ~/.local/bin \u0026\u0026 \\\ncurl --silent \"https://api.github.com/repos/infamousjoeg/cybr-cli/releases/latest\" |\n    grep '\"tag_name\":' |\n    sed -E 's/.*\"([^\"]+)\".*/\\1/' |\n    xargs -I {}  curl -o ~/.local/bin/cybr -sOL \"https://github.com/infamousjoeg/cybr-cli/releases/download/\"{}'/linux_cybr' \u0026\u0026 \\\nchmod +x ~/.local/bin/cybr\n```\n\n### Install from Source\n\n```shell\n$ git clone https://github.com/infamousjoeg/pas-api-go.git\n$ make install\n$ cybr help\n```\n\n## Usage\n\n* `$ cybr help` for top-level commands list\n* `$ cybr [command] -h` for specific command details and sub-commands list\n\n### Authenticating with authn-iam (AWS IAM Role Authentication)\n\nSet the following environment variables:\n\n* `CONJUR_ACCOUNT` - The Conjur account name\n* `CONJUR_APPLIANCE_URL` - The URL of the Conjur service (e.g. https://conjur.example.com)\n* `CONJUR_AUTHN_LOGIN` - The Host ID for the IAM role (e.g. `host/cloud/aws/ec2/1234567890/ConjurAWSRoleEC2`)\n* `CONJUR_AUTHENTICATOR` - The authenticator ID (e.g. `authn-iam`)\n* `CONJUR_AUTHN_SERVICE_ID` - The authenticator web service ID (e.g. `prod`)\n* `CONJUR_AWS_TYPE` - The AWS type (e.g. `ec2` or `ecs` or `lambda`)\n\nOnce environment variables are set, ensure no .conjurrc or .netrc exists in the user's home directory:\n\n`rm -f ~/.conjurrc ~/.netrc`\n\nThen run any command you wish to run within `cybr conjur`. Use the `--help` flag to see all available commands.\n\n### Authenticating to Privilege Cloud via ISPSS (Identity)\n\nYou will need to know the following information to authenticate to Privilege Cloud via ISPSS:\n\t* `-b, --base-url` - The base URL of CyberArk Cloud (e.g. https://example.cyberark.cloud or https://example.privilegecloud.cyberark.cloud)\n\t* `-u, --username` - The username of the Privilege Cloud user (e.g. joe.garcia@cyberark.cloud.1234)\n\n#### Password Authentication\n\n```shell\n$ cybr logon -u joe.garcia@cyberark.cloud.1234 -a identity -b https://example.cyberark.cloud\n+ Challenge #1\nEnter password:\n```\n\nAfter providing the password, if no other challenges are required, the CLI will handle the token exchange and a successful logon will be displayed.\n\n#### MFA Authentication\n\nIf MFA is required, the CLI will prompt for the challenge method to use out of those available:\n\n```shell\n$ cybr logon -u joe.garcia@cyberark.cloud.1234 -a identity -b https://example.cyberark.cloud\n+ Challenge #1\nEnter password:\n+ Challenge #2\n1. Email... @joe-garcia.com\n2. SMS... XXX-1234\n\u003e 2\nEnter code: 12341234\n```\n\nAfter providing the MFA code, if no other challenges are required, the CLI will handle the token exchange and a successful logon will be displayed.\n\n### Documentation\n\nAll commands are documentated [in the docs/ directory](docs/cybr.md).\n\n## Autocomplete\nThe `cybr` CLI has a `completion` command that can be used to enable autocomplete for the CLI.\nThe completion command is dependant on your shell type. Currently the only shells that are supported are: bash, zsh, fish and powershell.\n\nBelow is an example on how to enable `cybr` cli auto-completion from a zsh shell.\n```bash\n# enable shell completetion. Only needs to be performed once.\necho \"autoload -U compinit; compinit\" \u003e\u003e ~/.zshrc\n\n# create and write the auto-completion script.\n# ${fpath[1]} '1' may be different depending on your environment.\ncybr completion zsh \u003e \"${fpath[1]}/_cybr\"\n```\n\nIf you are using a different shell execute the `completion` command with the `--help` flag and follow instructions for the desired shell type.\n```bash\ncybr completion --help\n```\n\n## Example Source Code\n\n### Logon to the PAS REST API Web Service\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"log\"\n\t\"os\"\n\n\tpasapi \"github.com/infamousjoeg/pas-api-go/pkg/cybr/api\"\n)\n\nvar (\n\thostname = os.Getenv(\"PAS_BASE_URL\")\n\tusername = os.Getenv(\"PAS_USERNAME\")\n\tpassword = os.Getenv(\"PAS_PASSWORD\")\n\tauthType = os.Getenv(\"PAS_AUTH_TYPE\")\n)\n\nfunc main() {\n\t// Logon to PAS REST API Web Services\n\ttoken, errLogon := pasapi.Logon(hostname, username, password, authType, false)\n\tif errLogon != nil {\n\t\tlog.Fatalf(\"Authentication failed. %s\", errLogon)\n\t}\n\tfmt.Printf(\"Session Token:\\r\\n%s\\r\\n\\r\\n\", token)\n}\n```\n\n## Security\n\nIf there is a security concern or bug discovered, please responsibly disclose all information to joe (dot) garcia (at) cyberark (dot) com.\n\n### `cybr safes add-member --role` Role Permissions\n\nAll safe member roles defined below are based on best practices and recommendations put forth by CyberArk's PAS Programs Office, creators of the CyberArk Blueprint for Identity Security.\n\n|Role|Safe Authorizations|\n|---|---|\n|BreakGlass|All authorizations except Authorize Password Requests|\n|VaultAdmin|- List Accounts\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members|\n|SafeManager|- Manage Safe\u003cbr\u003e- Manage Safe Members\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members\u003cbr\u003e- Access Safe w/o Confirmation|\n|EndUser|- Use/Retrieve/List Accounts\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members|\n|Auditor|- List Accounts\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members|\n|AIMWebService|No authorizations|\n|AppProvider|- Retrieve/List Accounts\u003cbr\u003e- View Safe Members|\n|ApplicationIdentity|- Retrieve/List Accounts|\n|AccountProvisioner|- List/Add/Delete Accounts\u003cbr\u003e- Update Password Properties\u003cbr\u003e- Initiate CPM Password Management Operations\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members\u003cbr\u003e- Access Safe w/o Confirmation|\n|CPDeployer|- List/Add Accounts\u003cbr\u003e- Update Password Properties\u003cbr\u003e- Initiate CPM Password Management Operations\u003cbr\u003e- Manage Safe Member\u003cbr\u003e- View Audit Log, View Safe Members\u003cbr\u003e- Access Safe w/o Confirmation|\n|ComponentOrchestrator|- List/Add Accounts\u003cbr\u003e- Update Password Properties\u003cbr\u003e- Initiate CPM Password Management Operations\u003cbr\u003e- View Audit Log\u003cbr\u003e- Access Safe w/o Confirmation|\n|APIAutomation|- List/Add/Rename/Delete/Unlock Accounts\u003cbr\u003e- Update Password Content/Properties\u003cbr\u003e- Initiate CPM Password Management Operations\u003cbr\u003e- Manage Safe\u003cbr\u003e- Manage Safe Members\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members\u003cbr\u003e- Create/Delete Folders\u003cbr\u003e- Move Accounts/Folders|\n|PasswordScheduler|- List Accounts\u003cbr\u003e- Initiate CPM Password Management Operation\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members\u003cbr\u003e- Access Safe w/o Confirmation|\n|ApproverLevel1|- List Accounts\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members\u003cbr\u003e- Authorize Password Requests (Level 1)|\n|ApproverLevel2|- List Acccounts\u003cbr\u003e- View Audit Log\u003cbr\u003e- View Safe Members\u003cbr\u003e- Authorize Password Requests (Level 2)|\n\n## Testing\n\nTo vet the code, run `make vet`.\nTo test the code, run `make test`.\nTo run all tests, run `make test-all`.\n\n## Maintainers\n\n[@infamousjoeg](https://github.com/infamousjoeg)\n\n[![Buy me a coffee][buymeacoffee-shield]][buymeacoffee]\n\n[buymeacoffee]: https://www.buymeacoffee.com/infamousjoeg\n[buymeacoffee-shield]: https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png\n\n[@AndrewCopeland](https://github.com/AndrewCopeland)\n\n## Contributions\n\nPull Requests are currently being accepted.  Please read and follow the guidelines laid out in [CONTRIBUTING.md]().\n\n## License\n\n[Apache 2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfamousjoeg%2Fcybr-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfamousjoeg%2Fcybr-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfamousjoeg%2Fcybr-cli/lists"}