govc is a vSphere CLI built on top of govmomi.
The CLI is designed to be a user friendly CLI alternative to the GUI and well suited for automation tasks. It also acts as a test harness for the govmomi APIs and provides working examples of how to use the APIs.
You can find prebuilt govc binaries on the releases page.
Download and install a binary locally like this:
% curl -L $URL_TO_BINARY | gunzip > /usr/local/bin/govc % chmod +x /usr/local/bin/govc
To build govc from source, first install the Go toolchain.
Make sure to set the environment variable GOPATH.
You can then install the latest govc from github using:
% go get -u github.com/vmware/govmomi/govc
$GOPATH/bin is in your
PATH to use the version installed from source.
If you've made local modifications to the repository at
$GOPATH/src/github.com/vmware/govmomi, you can install using:
% go install github.com/vmware/govmomi/govc
For the complete list of commands and flags, refer to the USAGE document.
Common flags include:
-u: ESXi or vCenter URL (ex:
-debug: Trace requests and responses (to
Managed entities can be referred to by their absolute path or by their relative
path. For example, when specifying a datastore to use for a subcommand, you can
either specify it as
/mydatacenter/datastore/mydatastore, or as
mydatastore. If you're not sure about the name of the datastore, or even the
full path to the datastore, you can specify a pattern to match. Both
/*center/*/my* (absolute) and
my*store (relative) will resolve to the same
datastore, given there are no other datastores that match those globs.
The relative path in this example can only be used if the command can
umambigously resolve a datacenter to use as origin for the query. If no
datacenter is specified, govc defaults to the only datacenter, if there is only
one. The datacenter itself can be specified as a pattern as well, enabling the
-dc='my*' -ds='*store'. The datastore pattern is looked
up and matched relative to the datacenter which itself is specified as a
Besides specifying managed entities as arguments, they can also be specified using environment variables. The following environment variables are used by govc to set defaults:
GOVC_URL: URL of ESXi or vCenter instance to connect to.
The URL scheme defaults to
httpsand the URL path defaults to
/sdk. This means that specifying
user:pass@hostis equivalent to
If username or password includes special characters like
:you can use
GOVC_PASSWORDto have a simple
When using govc against VMware Workstation, GOVC_URL can be set to "localhost" without a user or pass, in which case local ticket based authentication is used.
GOVC_USERNAME: USERNAME to use if not specified in GOVC_URL.
GOVC_PASSWORD: PASSWORD to use if not specified in GOVC_URL.
GOVC_TLS_CA_CERTS: Override system root certificate authorities.
$ export GOVC_TLS_CA_CERTS=~/.govc_ca.crt # Use path separator to specify multiple files: $ export GOVC_TLS_CA_CERTS=~/ca-certificates/bar.crt:~/ca-certificates/foo.crt
GOVC_TLS_KNOWN_HOSTS: File(s) for thumbprint based certificate verification.
Thumbprint based verification can be used in addition to or as an alternative to
GOVC_TLS_CA_CERTSfor self-signed certificates. Example:
$ export GOVC_TLS_KNOWN_HOSTS=~/.govc_known_hosts $ govc about.cert -u host -k -thumbprint | tee -a $GOVC_TLS_KNOWN_HOSTS $ govc about -u user:pass@host
GOVC_TLS_HANDSHAKE_TIMEOUT: Limits the time spent performing the TLS handshake.
GOVC_INSECURE: Disable certificate verification.
This option sets Go's
tls.Config.InsecureSkipVerifyflag and is false by default. Quoting https://golang.org/pkg/crypto/tls/#Config:
InsecureSkipVerifycontrols whether a client verifies the server's certificate chain and host name.
InsecureSkipVerifyis true, TLS accepts any certificate presented by the server and any host name in that certificate.
In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing.
GOVC_GUEST_LOGIN: Guest credentials for guest operations
GOVC_VIM_NAMESPACE: Vim namespace defaults to
GOVC_VIM_VERSION: Vim version defaults to
If you're using environment variables to set
GOVC_URL, verify the values are set as expected:
% govc env
Check your proxy settings:
% env | grep -i https_proxy
Test connection using curl:
% curl --verbose -k -X POST https://x.x.x.x/sdk
Inventory path arguments with a leading '/' are subject to Posix path conversion.
Several examples are embedded in the govc command help
Changes to the cli are subject to semantic versioning.
Refer to the CHANGELOG for version to version changes.
When new govc commands or flags are added, the PATCH version will be incremented. This enables you to require a minimum version from within a script, for example:
% govc version -require 0.14
Projects using govc
govc is available under the Apache 2 license.