cyral 2.5.6

The Cyral CLI tool

The Cyral CLI Tool

Use this tool to obtain credentials for accessing a data repo via the Cyral sidecar.

Notes

1. This tool does not work with Cyral versions before 3.0. If you are using an older version of Cyral, please use the gimme-db-token tool instead.

2. Use version 1.x of this tool for Cyral version 3.X and version 2.x for Cyral version 4.X and greater.

3. Command token works only with Cyral version 4.12 and greater.

---

Usage

cyral [OPTIONS] COMMAND [ARGS]...

The Cyral CLI

Options

Name	Description
--cp-address TEXT	Cyral Control Plane Address
--no-browser	Disable automatic browser launch for authentication
--idp TEXT	Identity Provider to use to authenticate to Cyral
--local-port INTEGER	Local port number for receiving OAuth2 redirects [default: 8005]
--stored-creds / --no-stored-creds	Use and/or store refresh token in ~/.cyral [default: stored-creds]
--offline-access / --no-offline-access	Obtain a (long lived) offline refresh token [default: no-offline-access]
--realm TEXT	Authentication realm (usually not needed) [default: default]
--version	Show the version and exit.
--help	Show this message and exit.

Commands

Name	Description
access	Access a data repo.
help	Prints detailed usage information including commands,...
sidecar	Sidecar related commands
token	Manage access tokens.

Usage

cyral help [OPTIONS]

Prints detailed usage information including commands, subcommands, and options.

Options

Name	Description
-f, --output-format [plain | md]	Output format [default: plain]
--help	Show this message and exit.

Usage

cyral token [OPTIONS] COMMAND [ARGS]...

Manage access tokens. By default, tokens are cached in a file. Use option --no-use-token-cache if you wish to disable token caching.

Options

Name	Description
--use-token-cache / --no-use-token-cache	Whether to use local token cache. [default: use-token-cache]
--help	Show this message and exit.

Commands

Name	Description
create	Create a new access token.
delete	Delete an access token.
list	Lists information about all currently valid access tokens.
show	Show the value of a cached access token.

Usage

cyral token create [OPTIONS]

Create a new access token.

Options

Name	Description
--validity INTEGER	Token validity in seconds (system default if not specified)
--name TEXT	Name of the access token, autogenerated if not specified
-h, --help	Show help message and exit.

Usage

cyral token list [OPTIONS]

Lists information about all currently valid access tokens. Actual token values are not shown.

Options

Name	Description
-f, --output-format [plain | json]	Output format [default: plain]
-h, --help	Show help message and exit.

Usage

cyral token delete [OPTIONS]

Delete an access token.

Options

Name	Description
-h, --help	Show help message and exit.
--token-id TEXT	ID of the token on which the action will be performed

Usage

cyral token show [OPTIONS]

Show the value of a cached access token.

Options

Name	Description
-h, --help	Show help message and exit.
--token-id TEXT	ID of the token on which the action will be performed

Usage

cyral access [OPTIONS] COMMAND [ARGS]...

Access a data repo.

Options

Name	Description
--token TEXT	Access token value to use (optional)
--auto-generate-token / --no-auto-generate-token	Generate a token automatically if needed [default: auto-generate-token]
--use-token-cache / --no-use-token-cache	Whether to use local token cache. [default: use-token-cache]
--help	Show this message and exit.

Commands

Name	Description
pg	Configure access to postgres databases via Cyral in .pgpass file.
repo	Obtain information to access a data repo
s3	Configure AWS profile for accessing S3 via Cyral sidecar.
token	Obtain access token for accessing a data repo.

Usage

cyral access token [OPTIONS]

Obtain access token for accessing a data repo. DEPRECATED: If your Cyral control plane has version v4.12.0 or later, use the cyral token create and cyral token show commands.

Options

Name	Description
-h, --help	Show help message and exit.

Usage

cyral access repo [OPTIONS]

Obtain information to access a data repo

Options

Name	Description
-n, --name TEXT	Repo name in Cyral (substring match)
--tag TEXT	Repo tag (substring match)
-t, --type [auroramysql | aurorapostgres | denodo | dremio | galera | mariadb | mongodb | mysql | oracle | postgresql | redshift | s3 | sqlserver]	Repo type
--repos-per-page INTEGER	Number of repos shown per page [default: 10]
-f, --output-format [plain | json]	Output format [default: plain]
-h, --help	Show help message and exit.

Usage

cyral access s3 [OPTIONS]

Configure AWS profile for accessing S3 via Cyral sidecar.

Options

Name	Description
--aws-profile TEXT	Name of the AWS profile to configure [default: cyral]
--autoconfigure / --no-autoconfigure	Autoconfigure (without confirmation) S3 proxy settings [default: no-autoconfigure]
--account-name TEXT	Preferred account name to use for accessing the s3 repo
--silent / --no-silent	Do not print confirmation messages [default: no-silent]
-h, --help	Show help message and exit.

Usage

cyral access pg [OPTIONS]

Configure access to postgres databases via Cyral in .pgpass file.

Options

Name	Description
--silent / --no-silent	Do not print confirmation messages [default: no-silent]
-h, --help	Show help message and exit.

Usage

cyral sidecar [OPTIONS] COMMAND [ARGS]...

Sidecar related commands

Options

Name	Description
--id TEXT	the id of the sidecar
--name TEXT	the name of the sidecar
--help	Show this message and exit.

Commands

Name	Description
get	Get information about sidecars in the control plane.
set	Set different sidecar options.

Usage

cyral sidecar get [OPTIONS]

Get information about sidecars in the control plane.

Options

Name	Description
-f, --output-format [yaml | json | table]	Output format [default: table]
-h, --help	Show help message and exit.

Usage

cyral sidecar set [OPTIONS] COMMAND [ARGS]...

Set different sidecar options.

Options

Name	Description
--help	Show this message and exit.

Commands

Name	Description
log-level	Set the log level for a sidecar service.

Usage

cyral sidecar set log-level [OPTIONS]

Set the log level for a sidecar service. The argument can be of the form (log level applicable to all services) or : (log level for a specific service). can be one of fatal, error, warn, info, debug, or trace. The list of services may vary depending on the sidecar version and configuration. This option can be specified multiple times, the last log level specified for a service is the one that is set.

Examples

set the level for all services

cyral sidecar set log-level --level debug

set the level for a single service

cyral sidecar set log-level --level dispatcher:warn

set the level for multiple services

cyral sidecar set log-level --level dispatcher:warn --level pg-wire:debug

Options

Name	Description
--level TEXT	requested log level
-h, --help	Show help message and exit.

---

Release Notes

2.5.6

• (Bug fix) Add missing PyYAML dependency.

2.5.5

• (Bug fix) Fix the bug where attempting to set log level for a service may give error "service does not exist".

2.5.4

• (Bug fix) Remove dependency on awscli 1.x package and use awscli-plugin-proxy instead of awscli-plugin-s3-proxy to avoid clobbering of awscli installation.

2.5.3

• (Bug fix) Fix possible unexpected exception in access s3 command.

2.5.2

• (Bug fix) Fix bug in access token command for older (< v4.12) control planes.

2.5.1

• (Enhancement) Add --no-browser flag to disable automatic browser launch for authentication.
• (Enhancement) Add --auto-token-generation option.

2.5.0

• (Enhancement) Add access token management commands and token cache.
• (Refactor) Update access commands to use new token interactions.

2.4.0

• (Enhancement) Add help command for comprehensive command help.
• (Bug Fix) Disable option validity checking when --help is specified.

2.3.0

• (Enhancement) Allow users to choose account name for S3 access.

2.2.4

• (Chore) Update dependency versions.

2.2.3

• (Enhancement) Support new certificate download endpoint on Cyral Control Plane.

2.2.2

• (Bug Fix) Support aws s3api command.

2.2.1

• (Bug Fix) Make changes compatible with Python version 3.9.

2.2.0

• (Enhancement) Add sidecar command.

2.1.1

• (Enhancement) Add --realm option to support some older control planes.

2.0.1

• (Bug Fix) Choose non-proxy mode port for S3 repo.

2.0.0

• (Enhancement) Add support for Cyral Control Plane v4.x.

---