ZLI Reference Manual
The BastionZero
zli
is an exec level command line interface client that provides users the ability to connect, tunnel, and manage their targets' policies.The
zli
is an open-source project licensed under the Apache License, version 2.0. Details on how to download are available here.Pro tip: For convenience, move your download of the
zli
into your bin $PATH
. (Read more about $PATH
)The following tables list all the
zli
commands and their functions.You can run
zli help
at any time to list all the available commands in the CLI.Note: all commands are case-insensitive (lowercase and uppercase letters don't matter; e.g.,
zli login
is the same as zli LoGiN
)Command | Description |
---|---|
Authenticates a user to the service using your SSO provider | |
Connect to target | |
Tunnel to a Kubernetes cluster | |
Update the default target group used when tunneling to a Kubernetes cluster | |
List existing policies and their BastionZero users, SSO groups, target users and target groups. Update these fields for a specific policy. Create a new cluster, target connect, session recording, or proxy policy. | |
Get detailed information about what policies apply to a certain cluster. This command has been refactored into zli policy . | |
Disconnect the bctl daemon | |
Attach to an open zli connection | |
Close an open zli connection | |
List all targets | |
List all open zli connections | |
List all daemons running on this machine | |
List all of the organization's BastionZero users. Add or remove a policy's BastionZero users. This command has been refactored into zli policy . | |
List all of the organization's SSO groups. Add or remove a policy's SSO groups. This command has been refactored into zli policy . | |
Generate ssh configuration to be used with the ssh-proxy command | |
Tunnel an SSH connection to a BZero or SSM target | |
Returns the configuration path for the zli client | |
Generate a bash script to autodiscover an SSM target | |
Start an interactive onboarding session to add your SSH hosts to BastionZero | |
Generate files for Kubernetes, SSH, SSH proxy or bash scripts | |
Deauthenticate the client | |
kubectl wrapper | |