CLI Tool
The Rampart CLI (rampart-cli) provides command-line access to authentication, user management, and token operations. It is useful for development workflows, scripting, and CI/CD pipelines.
Installation
Build from Source
git clone https://github.com/manimovassagh/rampart.git
cd rampart
make build-cli
The binary is output to ./bin/rampart-cli. Move it to a directory on your PATH:
sudo mv ./bin/rampart-cli /usr/local/bin/
Verify Installation
rampart-cli version
rampart-cli v1.0.0 (go1.22, linux/amd64)
Configuration
Set the Rampart server URL before using the CLI:
export RAMPART_SERVER=http://localhost:8080
Alternatively, pass it with every command using the --server flag:
rampart-cli --server http://localhost:8080 <command>
Commands
login
Authenticate with the Rampart server. Stores the token locally for subsequent commands.
rampart-cli login --server http://localhost:8080
You will be prompted for your email and password:
Email: admin@example.com
Password: ********
Login successful. Token stored at ~/.rampart/token.json
For non-interactive use (CI/CD):
rampart-cli login --email admin@example.com --password "$RAMPART_PASSWORD"
logout
Clear the stored authentication token:
rampart-cli logout
Token cleared. You are now logged out.
status
Check connectivity to the Rampart server and authentication status:
rampart-cli status
Server: http://localhost:8080
Status: healthy
Authenticated: yes
User: admin@example.com
Token Expires: 2026-03-05T11:00:00Z
whoami
Display the currently authenticated user's profile:
rampart-cli whoami
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"email": "admin@example.com",
"given_name": "Admin",
"family_name": "User",
"roles": ["admin"],
"organization": "default"
}
users list
List all users (requires admin role):
rampart-cli users list
ID EMAIL NAME ROLES
550e8400-e29b-41d4-a716-446655440000 admin@example.com Admin User admin
660e8400-e29b-41d4-a716-446655440001 jane@example.com Jane Smith user
Use --format json for JSON output:
rampart-cli users list --format json
users create
Create a new user (requires admin role):
rampart-cli users create \
--email jane@example.com \
--password "SecureP@ss123!" \
--first-name Jane \
--last-name Smith \
--role user
User created: 660e8400-e29b-41d4-a716-446655440001
users get
Retrieve details for a specific user by ID or email:
rampart-cli users get --email jane@example.com
{
"id": "660e8400-e29b-41d4-a716-446655440001",
"email": "jane@example.com",
"given_name": "Jane",
"family_name": "Smith",
"roles": ["user"],
"organization": "default",
"created_at": "2026-03-05T10:30:00Z",
"last_login": "2026-03-05T10:45:00Z"
}
token
Display and inspect the current access token:
rampart-cli token
Access Token (decoded):
{
"sub": "550e8400-e29b-41d4-a716-446655440000",
"iss": "http://localhost:8080",
"aud": "rampart",
"exp": 1741176000,
"iat": 1741172400,
"email": "admin@example.com",
"roles": ["admin"],
"org": "default"
}
Expires: 2026-03-05T11:00:00Z (valid for 42m remaining)
To output only the raw token string (useful for piping):
rampart-cli token --raw
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
version
Print the CLI version, Go version, and platform:
rampart-cli version
rampart-cli v1.0.0 (go1.22, linux/amd64)
Global Flags
| Flag | Description |
|---|---|
--server | Rampart server URL (overrides RAMPART_SERVER env var) |
--format | Output format: text (default), json |
--verbose | Enable verbose output for debugging |
--help | Show help for any command |
Token Storage
The CLI stores authentication tokens at ~/.rampart/token.json. This file is created with 0600 permissions (readable only by the current user). The token file contains:
{
"access_token": "eyJ...",
"refresh_token": "dGh...",
"expires_at": "2026-03-05T11:00:00Z",
"server": "http://localhost:8080"
}
The CLI automatically refreshes expired access tokens using the stored refresh token. If the refresh token is also expired, you will be prompted to log in again.