GatePlane CLI

Command-line interface for GatePlane - Just-In-Time Access Management.

📖 Overview

GatePlane CLI interacts with Vault/OpenBao instances an and consumes the APIs provided by the GatePlane Plugins.

Can work either with GatePlane Community or with GatePlane Services subscription (Team/Enterprise).

🎬 Usage Examples

Creating an Access Request

Approving an Access Request

Claiming Access

Synopsis

$ gateplane
GatePlane CLI provides command-line access to GatePlane gates for
requesting, approving, and claiming time-limited access to protected resources.

Usage:
 gateplane [command]

Available Commands:
 approve     Approve an access request
 auth        Authentication operations
 claim       Claim approved access
 completion  Generate the autocompletion script for the specified shell
 config      Manage configuration
 gates       Manage gates
 help        Help about any command
 request     Manage access requests
 status      Show dashboard of all active requests and pending approvals
 version     Show version information

Flags:
 -h, --help                 help for gateplane
 -o, --output string        Output format (table, json, yaml)
 -a, --vault-addr string    Vault server address
 -t, --vault-token string   Vault token for authentication

✨ Features

• Request Access: Submit access requests for protected resources
• Approve Requests: Review and approve pending access requests
• Claim Credentials: Retrieve time-limited credentials for approved requests
• Status Tracking: Monitor request status and access history
• (Team/Enterprise) Notifications: Requests, Approvals and Claims interact with the GatePlane Services to send Notifications

📦 Installation

Download the latest release binary for your platform from GitHub Releases or build from source:

goreleaser build --snapshot --clean

⚙️ Configuration

Configuration is stored under ~/.gateplane/config.yaml. Environment variables or CLI flags and override the stored configuration.

• VAULT_ADDR: Vault server address
• VAULT_TOKEN: Vault authentication token

Or use flags: --vault-addr, --vault-token

~/.gateplane/config.yaml

defaults:
    # The output format can be 'table', 'json', 'yaml'
    # Also changeable with -o/--output
    output_format: table
    # This gate is assumed if no [gate]
    # positional argument is provided
    gate: "gates/production/ssh"
# Connectivity for Vault/OpenBao
# can override with Env Vars
vault:
    address: https://vault.example.com:8200
    token: "<vault-token>"
    namespace: ""
# Connectivity with GatePlane Services
# Set the ClientID/Audience of
# a subscribed Vault/OpenBao instance and run:
# > gateplane auth service login
# > gateplane auth service status
service:
    client_id: <vault-gateplane-oidc-client-id>
    jwt: "<gateplane-token>"

⚖️ License

This project is licensed under the Elastic License v2.

This means:

• ✅ You can use, fork, and modify it for yourself or within your company.
• ✅ You can submit Pull Requests and redistribute modified versions (with the license attached).
• ❌ You may not sell it, offer it as a paid product, or use it in a hosted service (e.g: SaaS).
• ❌ You may not re-license it under a different license.

In short: You can use and extend the code freely, privately or inside your business - just don’t build a business around it without our permission. This FAQ by Elastic greatly summarizes things.

See the ./LICENSES/Elastic-2.0.txt file for full details.