Skip to main content

Styra CLI

The Styra CLI provides the full power of Styra from your terminal.

Install the CLI

info

The CLI binaries listed in this section are for version: 0.9.0.

  1. Download and install the CLI for your system by executing curl -o styra ${STYRA_CLI_URL} command on your terminal.

    Table 1 - CLI Download Links
    OSDownload Link
    macOS M1https://docs.styra.com/bin/darwin/arm64/styra
    macOShttps://docs.styra.com/bin/darwin/amd64/styra
    Linuxhttps://docs.styra.com/bin/linux/amd64/styra
    Windowshttps://docs.styra.com/bin/windows/amd64/styra.exe
  2. Copy the downloaded file as styra or styra.exe in your shell's executable path.

    mv styra /usr/local/bin/styra
  3. For Mac and Linux systems, it is required to change the permissions of the downloaded file to make it executable. To change the file permissions in the directory where you downloaded the file, run:

    chmod u+x /usr/local/bin/styra`
  4. Test the installation.

    styra --help
note

If you are using a Mac and see an error that Styra CLI "can't be opened because Apple cannot check it for malicious software" you can add an exception by running xattr -d com.apple.quarantine /usr/local/bin/styra. This is only necessary once after installing a new version of the CLI.

Docker Container

The official build of the Styra CLI is located on hub.docker.com/r/styra-cli.

Run the CLI by executing docker run -v $HOME:/home/styra styra/cli and use the following instructions.

Install the Custom CA Certificates

Services that Styra CLI must access can be configured with a server certificate issued by a custom CA. In order to validate the certificate presented from the service, the corresponding CA certificate must be added to Styra CLI client. You can use the environment variable SSL_CERT_DIR to point to the directory where the CA certificate(s) are located in the container. The CA certificates directory can be mounted using the Docker volume option (-v) when starting the Styra or CLI container.

For example:

docker run -v $HOME:/home/styra \
-v /host/etc/certs:/container/etc/certs \
-e SSL_CERT_DIR="/container/etc/certs" \
styra/cli

Create a Configuration File

The Styra CLI needs your organization id and an authentication token. You may provide these values from a configuration file or environment variable. The command ./styra configure can be used to create a configuration file.

The following values can be retrieved from the environment variable:

Table 2 - Environment Variables and Values
ENVVALUE
STYRA_ORGANIZATION_ID<das-id>.styra.com
STYRA_TOKENUse value from Step 1

For example:

STYRA_ORGANIZATION_ID='<das-id>.styra.com' \
STYRA_TOKEN='<value from token created in UI>' \
./styra

Evaluate Policies

To use Terraform along with the Styra CLI to check Terraform plans against OPA policies. The Styra CLI embeds OPA in a command called vet that was designed to evaluate policies against a JSON file on a laptop or a CI/CD pipeline. The styra-cli vet command is provided with list of files or directories in the command line and OPA configuration from the current directory (location could be changed through the command line flag). Then it takes all JSON and YAML files from provided directories and runs your system's main rule with each file contents as an input, displays the results, and also produces decision logs like OPA would normally do. This can be used for any system-type and cases besides Terraform. For Terraform, it is already pre-configured in such a way that you can use styra-cli vet to validate your Terraform plan files after converting them to JSON.