Skip to main content

Styra CLI

The Styra CLI provides the full power of Styra from your terminal.

Install the CLI


The CLI binaries listed in this section are for version: 0.10.4.

  1. Download and install the CLI for your system by executing curl -o styra ${STYRA_CLI_URL} command on your terminal.

    Table 1 - CLI Download Links
    OSDownload Link
    macOS M1 (ARM CPU)darwin/arm64/styra
    macOS (Intel CPU)darwin/amd64/styra
    Linux (ARM CPU)linux/arm64/styra
    Linux (Intel CPU)linux/amd64/styra
  2. Copy the downloaded file as styra or styra.exe in your shell's executable path.

    mv styra /usr/local/bin/styra
  3. For Mac and Linux systems, it is required to change the permissions of the downloaded file to make it executable. To change the file permissions in the directory where you downloaded the file, run:

    chmod u+x /usr/local/bin/styra
  4. Test the installation.

    styra --help

If you are using a Mac and see an error that Styra CLI "can't be opened because Apple cannot check it for malicious software" you can add an exception by running:

xattr -d /usr/local/bin/styra

This is only necessary once after installing a new version of the CLI.

Docker Container

The official build of the Styra CLI is located on

Run the CLI by executing docker run -v $HOME:/home/styra styra/cli and use the following instructions.

Install the Custom CA Certificates

Services that Styra CLI must access can be configured with a server certificate issued by a custom CA. In order to validate the certificate presented from the service, the corresponding CA certificate must be added to Styra CLI client. You can use the environment variable SSL_CERT_DIR to point to the directory where the CA certificate(s) are located in the container. The CA certificates directory can be mounted using the Docker volume option (-v) when starting the Styra or CLI container.

For example:

docker run -v $HOME:/home/styra \
-v /host/etc/certs:/container/etc/certs \
-e SSL_CERT_DIR="/container/etc/certs" \

Create a Configuration File

The Styra CLI needs your organization id and an authentication token. You may provide these values from a configuration file or environment variable. The command ./styra configure can be used to create a configuration file.

The following values can be retrieved from the environment variable:

Table 2 - Environment Variables and Values
STYRA_TOKENUse value from Step 1

For example:

STYRA_TOKEN='<value from token created in UI>' \

Evaluate Policies

The Styra CLI embeds OPA in a sub-command called vet that evaluates policies against a JSON file on a laptop or a CI/CD pipeline. This allows Styra CLI to be used with Terraform to check Terraform plans against OPA policies.

The styra-cli vet command accepts a list of files or directories in the command line and uses OPA configuration from the current directory (the location of the opa configuration could be changed through the --opaconfig command line flag). The OPA configuration helps styra-cli determine the system on DAS to vet the plan against.

On invocation, vet collects all JSON and YAML files from provided directories and runs the targeted system's main rule with each file contents as input and displays the results. It also produces decision logs like OPA would normally do. This can be used for any system-type and cases besides Terraform. For Terraform, it is already pre-configured in such a way that you can use styra-cli vet to validate your Terraform plan files after converting them to JSON.