Search…
Package Managers
BastionZero's zero-trust command line interface (zli) and bzero-ssm-agent are both available for download via package managers. Specifically, our bzero-ssm-agent and zli are available via apt and yum, and the zli is also available on brew.
Platform
Packages available
apt
bzero-ssm-agent, zli
yum
bzero-ssm-agent, zli
brew
zli
Both bzero-ssm-agent and zli are supported on the x86 and amd64 platforms, and our bzero-ssm-agent is also compatible with arm64 platforms.
We also support downloading and installing our Kubernetes agent via helm!

Brew

If you are running MacOS or Linux, you can install the zli via Homebrew in a terminal window using: brew install bastionzero/tap/zli.

Yum

  • Use the yum-config-manager to add the BastionZero repo.
    • sudo yum-config-manager --add-repo https://download-yum.bastionzero.com/bastionzero.repo
  • Now you can install any of BastionZero's packages.
    • sudo yum install zli
    • sudo yum install bzero-ssm-agent

Apt

  • Install the BastionZero public key from the Ubuntu key-server.
    • sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E5C358E613982017
  • Add the BastionZero repo.
    • If you are using http (i.e. on a Ubuntu 14.x machine) please use:
      • sudo add-apt-repository 'deb http://download-apt.bastionzero.com/production/apt-repo stable main'
    • Else for https please use:
      • sudo add-apt-repository 'deb https://download-apt.bastionzero.com/production/apt-repo stable main'
  • Update the apt cache.
    • sudo apt update
  • Now you can install any of BastionZero's packages.
    • sudo apt install zli
      OR
    • sudo apt install bzero-ssm-agent

Activating the BastionZero Agent After Using Yum or Apt

Now that BastionZero's SSM Agent is installed on your machine, it needs to register itself with BastionZero. This can be accomplished with the following command:\
bzero-ssm-agent -registrationKey *your client_secret registration key*
Your registration key can be retrieved from the autodiscovery script from the web app or by using the API.
A description of all flags is provided below, any number of flags can be specified after bzero-ssm-agent.
Note: only the -registrationKey flag is required.
Flag
Description
-registrationKey
The registration secret key provisioned using the web app. It is an API key only usable for registering new targets. It is formatted as a base64 string.
-environmentName
(optional) The name of the environment you want to put the agent in. Can be provided in place of environmentId. If neither environmentName nor environmentId is provided, the target will be placed in the default environment and can be assigned a new environment via bastionzero.com.
-environmentId
(optional) The uuid of the environment you want to put the agent in. Can be provided in place of environmentName. If neither environmentName nor environmentId is provided, the target will be placed in the default environment and can be assigned a new environment via bastionzero.com.
-targetName
(optional) The desired name of the target. If no name is provided, this will default to the target’s host name.
-org
(optional) The unique identifier for your SSO instance. In Google, it’s referred to as orgID. In Microsoft, this is the tenantID. If you are using Okta, no -org is required.
-orgProvider
(optional) Your SSO provider, e.g., “google”, “microsoft”, “okta”, etc.. If neither the -org nor the -orgProvider are set, the information defaults to values provided by BastionZero during the registration process.
-y
(optional) If you're attempting to register a new version of the agent on a target that already had an agent installed, use the -y flag to force re-registration and create a new target. The old target will be deactivated.

Helm

  • Add the BastionZero Helm repo.
  • Install our Helm chart.
    • helm install bctl-agent bastionzero/bctl-quickstart --set apiKey=$API_KEY --set clusterName=helmcluster --namespace=bastionzero --create-namespace
We recommend referencing the Kubernetes Quick Start Guide to get started. This guide details how to generate an API key as well as how to set up policies.