Opal CLI

Developers can use the Opal CLI to:

Assume IAM roles, Kubernetes roles, start database sessions, and SSH sessions
Get information on a particular resource
Use SCP to copy files to and from a compute instance

Requirements

Before you begin, install the following:

Installation

OSX

To install the Opal CLI using Homebrew:

brew install opalsecurity/brew/opal-security

To upgrade the CLI, use:

brew update
brew upgrade opal-security

Linux and Windows

On these platforms, you can install directly from npm:

npm install -g opal-security

Usage

See the Opal CLI npm page for a list of all available CLI commands.

Authentication

Use opal login to authenticate to the Opal CLI. This creates an authentication session token and stores it securely for future commands. This token expires based on your organization settings, found in Organization Settings > Authentication > Login session lifetime.

On OSX, the keychain stores this token.

On Linux and Windows, the CLI requires a separate password to store this token securely. Use a password that differs from your Opal and existing passwords. You'll be prompted for this password on all subsequent CLI calls.

Troubleshooting

If you run into errors from Node (e.g. incompatible architecture), make sure your local environment is using the Node version that you installed the Opal CLI on.

If you're using nvm, you can view a list of installed Node versions via nvm ls and switch using nvm use <VERSION>.