Download the release for your operating system and extract it to a directory in your path. For example:
tar xzf jwctl-aarch64-apple-darwin.tar.gz
mv ./jwctl /usr/local/bin
jwctl --version
Most commands that interact with a JumpWire server will require the CLI to be authenticated. This is done with a token that can be set in a few different ways.
For one-off or scripted commands, the token can be set as either a CLI argument or environment variable.
# These formats are equivalent
jwctl -t mysecrettoken <COMMAND>
JW_TOKEN=mysecrettoken jwctl <COMMAND>
The token can also be persisted to disk for future use. jwctl
will attempt to load a token from ~/.config/jwctl/.token
. The token file can be created using the token command:
JW_TOKEN=mysecrettoken jwctl token set
jwctl <COMMAND>
The following sources are loaded and merged together for setting configuration options. Later sources will take precedence when there are conflicts:
- A configuration file at
~/.config/jwctl/config.yaml
- Environment variables. See below for details.
- Command line flags
All configuration options can be set using environment variables. Each variable is prefixed with JW_
. For example, the remote JumpWire URL can be configured by setting JW_URL
.
option | required? | description | examples |
---|---|---|---|
url |
y | URL of the JumpWire gateway | jwctl -u <URL> <COMMAND> , JW_URL=<URL> jwctl <COMMAND> |
token |
n | Bearer token for authentication | jwctl -t <TOKEN> <COMMAND> , JW_TOKEN=<TOKEN> jwctl <COMMAND> |
The url of the JumpWire gateway can also be set via a yaml file. This file needs to be saved under the user home directory: $HOME/.config/jwctl/config.yaml
url: http://localhost:4004
To persist the auth token to a local file, see the section above describing authentication.
Print a help message listing all commands. Can be passed a command to print the help message for a specific command.
Print the final configuration after merging together all configuration sources.
Store an authentication token to a persisted configuration file.
Check the token against the remote server. If it is valid, the associated permissions will be printed.
Generate a new token. Permissions must be passed in as pairs of method-action.
jwctl token generate get:token get:status
Retrieve the status of the remote server and print it.
Run a ping command to the remote server and print the response.
List all SSO identity providers configured on the JumpWire proxy server.
Start a login flow with an SSO provider.
List all databases of a given type. Currently supported types are postgresql
and mysql
.
Approve an authentication attempt to a proxied database. The token is generated automatically when connecting a database client to the JumpWire enginer without explicitly setting a password.
If the passed token is valid, jwctl will display a prompt to select which upstream database the proxy should connect to.
Generate a token for the specified client ID. The returned token is used when connecting a database client to JumpWire.
Different output formats can be specified with the --format
flag. By default, YAML formatting is used.
yaml
- all connection information is formatted as a YAML map.raw
- only the token is printed,url
- format as a connection string. This can usually be passed directly to a database client, such as psql.