Venafi CLI Tool reference guide

Usage

venctl command [flags]

Getting help with Venafi CLI tool commands

Use the following command to get information on individual venctl commands and their flags:

venctl [command] --help

venctl components kubernetes manifest generate

Generates a Venafi Kubernetes manifest for components.

The generated file can be used by the Venafi CLI tool as an installation manifest to install components into a Kubernetes cluster. You can store it in source control along with other infrastructure-as-code resources.

All supported components have flags to mark them for installation and to configure other aspects of how they are installed:

  • Custom helm chart repository
  • Custom image registry for inside the cluster
  • Custom version
  • Lists of values.yaml files which provide Helm values. For more information on the supported values for each component, see Component Helm values.

Dependencies of explicitly requested components are automatically included in the manifest.

Usage:

venctl components kubernetes manifest generate [flags]

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
--approver-policy Install the default version of Approver Policy. The Approver Policy version can be set manually with the --approver-policy-version flag. Do not use this flag if you have used --approver-policy-enterprise.
--approver-policy-custom-chart-repository string Custom OCI registry or Helm repository for Approver Policy charts. Overrides open source and Venafi enterprise images. The URL must include a scheme. Do not use this flag if you have used --approver-policy-enterprise.
--approver-policy-custom-image-registry string Custom OCI registry for pulling Approver Policy images. Do not use this flag if you have used --approver-policy-enterprise.
--approver-policy-values-files strings A comma-separated list of files providing Helm values for Approver Policy. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--approver-policy-version string Use this flag to specify the Approver Policy version manually. Only use this flag with --approver-policy.
--approver-policy-enterprise Install the default version of Approver Policy Enterprise. The Approver Policy Enterprise version can be set manually with the --approver-policy-enterprise-version flag. Do not use this flag if you have used --approver-policy.
--approver-policy-enterprise-custom-chart-repository string Custom OCI registry or Helm repository for Approver Policy Enterprise charts. Overrides open source and Venafi enterprise images. The URL must include a scheme. Do not use this flag if you have used --approver-policy.
--approver-policy-enterprise-custom-image-registry string Custom OCI registry for pulling Approver Policy Enterprise images. Do not use this flag if you have used --approver-policy.
--approver-policy-enterprise-values-files strings A comma-separated list of files providing Helm values for Approver Policy Enterprise. These files are relative to the directory from which the Venafi CLI tool is run when syncing a manifest to a cluster.
--approver-policy-enterprise-version string Use this flag to specify the Approver Policy Enterprise version manually. Implies approver-policy-enterprise. Do not use this flag if you have used --approver-policy.
--aws-privateca-issuer Install the default version of AWS Private CA Issuer. The version can be set manually with the --aws-privateca-issuer-version flag.
--aws-privateca-issuer-custom-chart-repository strings Custom OCI registry or Helm repository for AWS Private CA Issuer charts. Overrides open source and Venafi enterprise images. The URL must include a scheme.
--aws-privateca-issuer-custom-image-repository string Custom OCI registry for pulling AWS Private CA Issuer images.
--aws-privateca-issuer-values-files strings A comma-separated list of files providing Helm values for AWS Private CA Issuer. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--aws-privateca-issuer-version string Use this flag to specify the AWS Private CA Issuer version manually. Only use this flag with --aws-privateca-issuer.
--cert-manager Install the default version of cert-manager. The cert-manager version can also be set manually with --cert-manager-version. The default is true.
--cert-manager-custom-chart-repository string Custom OCI registry or Helm repository for cert-manager charts. Overrides open source and Venafi enterprise images. The URL must include a scheme.
--cert-manager-custom-image-registry string Custom OCI registry for pulling cert-manager images.
--cert-manager-values-files strings A comma-separated list of files from which Helm values for cert-manager should be read. These files are relative to the directory from which the Venafi CLI is run.
--cert-manager-version string Use this flag to specify the cert-manager version manually. Only use this flag with --cert-manager.
--csi-driver Install the default version of csi-driver. The csi-driver version can be set manually with the --csi-driver-version flag.
--csi-driver-custom-chart-repository string Custom OCI registry or Helm repository for csi-driver charts. Overrides open source and Venafi enterprise images. The URL must include a scheme. Only use this flag with --csi-driver.
--csi-driver-custom-image-registry string Custom OCI registry for pulling csi-driver images. Only use this flag with --csi-driver.
--csi-driver-values-files strings A comma-separated list of files providing Helm values for csi-driver. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--csi-driver-version string Use this flag to specify the csi-driver version manually. Only use this flag with --csi-driver.
--custom-chart-repository string Custom OCI registry or Helm repository from which charts should be pulled. Used by default for every component which doesn't have a manual override. If unspecified, per-component defaults apply. Only use this flag if you have set --region to custom. The URL must include a scheme.
--custom-image-registry string Custom OCI registry from which images are pulled in-cluster. Used by default for every component which doesn't have a manual override. If unspecified, the per-component defaults apply. Only use this flag if you have set --region to custom.
--default-approver If true, this flag enables the default approver in cert-manager. This prevents the installation of Approver Policy, and is not recommended in most cases.
--firefly Install the default version of Firefly. The version can be set manually with the --firefly-version flag.
--accept-firefly-tos Whether you accept the Firefly terms of service. For more information, see the End User License Agreement.
--firefly-custom-chart-repository string Custom OCI registry or Helm repository for Firefly Issuer charts. Overrides open source and Venafi enterprise images. The URL must include a scheme.
--firefly-custom-image-repository string Custom OCI registry for pulling Firefly Issuer images.
--firefly-values-files strings A comma-separated list of files providing Helm values for Firefly. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--firefly-version string Use this flag to specify the Firefly version manually. Only use this flag with --firefly.
-h, --help Help for venctl components kubernetes manifest generate.
--ignore-dependencies If set, no component is installed that is not explicitly requested. This can lead to failed or broken installs if dependencies are not already present in the target cluster.
--image-pull-secret-names strings A comma-separated list of image pull secret names which must be used by all components. The default value is [venafi-image-pull-secret].
--install-open-source Whether to install open source versions of cert-manager, trust-manager and other cert-manager sub-projects.
--venafi-kubernetes-agent Install the default version of Venafi Kubernetes Agent. The Venafi Kubernetes Agent version can be set manually with the --venafi-kubernetes-agent-version flag.
--venafi-kubernetes-agent-custom-chart-repository string Custom OCI registry or Helm repository for Venafi Kubernetes Agent charts. Overrides open source and Venafi enterprise images. The URL must include a scheme. Only use this flag with --venafi-kubernetes-agent.
--venafi-kubernetes-agent-custom-image-registry string Custom OCI registry for pulling Venafi Kubernetes Agent images. Only use this flag with --venafi-kubernetes-agent.
--venafi-kubernetes-agent-values-files strings A comma-separated list of files providing Helm values for Venafi Kubernetes Agent. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--venafi-kubernetes-agent-version string Use this flag to specify the Venafi Kubernetes Agent version manually. Only use this flag with --venafi-kubernetes-agent.
--namespace string The namespace into which all components must be installed. The default is venafi.
--no-prompts Allow command to run without user interaction.
--log-level string CLI log level (debug, info, warn, error). The default is info.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--region string The region from which images are pulled. Either us or eu (or custom, although this will be removed in a future release). The default is us. Not to be confused with the '--vcp-region' global flag.
--trust-manager Install the default version of trust-manager. The trust-manager version can be set manually with the --trust-manager-version flag.
--trust-manager-custom-chart-repository string Custom OCI registry or Helm repository for trust-manager charts. Overrides open source and Venafi enterprise images. The URL must include a scheme. Only use this flag with --trust-manager.
--trust-manager-custom-image-registry string Custom OCI registry for pulling trust-manager images. Only use this flag with --trust-manager.
--trust-manager-values-files strings A comma-separated list of files providing Helm values for trust-manager. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--trust-manager-version string Use this flag to specify the trust-manager version manually. Only use this flag with --trust-manager.
--use-fips-images If set, use FIPS-compliant images for all components which have them.
--venafi-connection Install the default version of Venafi Connection.
--venafi-connection-custom-chart-repository string Custom OCI registry or Helm repository for Venafi Connection charts. Overrides open source and Venafi enterprise images. The URL must include a scheme.
--venafi-connection-values-files strings A comma-separated list of files providing Helm values for Venafi Connection. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--venafi-connection-version string Use this flag to specify the Venafi Connection version manually. Only use this flag with --venafi-connection.
--venafi-enhanced-issuer Install the default version of Venafi Enhanced Issuer. The version can be set manually with the --venafi-enhanced-issuer-version flag.
--venafi-enhanced-issuer-custom-chart-repository string Custom OCI registry or Helm repository for Venafi Enhanced Issuer charts. Overrides open source and Venafi enterprise images. The URL must include a scheme.
--venafi-enhanced-issuer-custom-image-registry string Custom OCI registry for pulling Venafi Enhanced Issuer images.
--venafi-enhanced-issuer-values-files strings A comma-separated list of files providing Helm values for Venafi Enhanced Issuer. These files are relative to the directory from which the Venafi CLI is run when syncing a manifest to a cluster.
--venafi-enhanced-issuer-version string Use this flag to specify the Venafi Enhanced Issuer version manually. Only use this flag with --venafi-enhanced-issuer.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl components kubernetes manifest print-versions

Output a list of all supported components along with their default versions.

Usage:

venctl components kubernetes manifest print-versions [flags]

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl components kubernetes manifest print-versions.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl components kubernetes manifest tool destroy

Destroys and then purges releases.

Usage:

venctl components kubernetes manifest tool destroy [flags]

Flags:

Flag Type Description
--allow-no-matching-release string Do not exit with an error code if the provided selector has no matching releases.
--api-key string API key you want to use to connect to Venafi Control Plane.
--args string Pass arguments to helm exec.
--cascade string Pass cascade to helm exec. The default value is background.
-c, --chart string Set chart. Uses the chart set in release by default, and is available in template as "{{ .Chart }}".
--color Output with color.
--concurrency integer The maximum number of concurrent helm processes to run. 0 is unlimited.
--debug Enable verbose output for Helm and set log-level to debug. This disables --quiet/-q effect.
--disable-force-update Do not force helm repos to update when executing helm repo add.
--enable-live-output string Show live output from the Helm binary Stdout/Stderr into Helmfile's own Stdout/Stderr. It only applies to the Helm CLI commands. Stdout/Stderr for Hooks are still displayed only when their execution finishes.
-e, --environment string Specify the environment name. Overrides HELMFILE_ENVIRONMENT OS environment variable when specified. The default is default.
-f, --file helmfile.yaml Load configuration from a file or directory. The default is helmfile.yaml, helmfile.yaml.gotmpl, or helmfile.d (meaning "helmfile.d/*.yaml" or "helmfile.d/*.yaml.gotmpl"), in that order of preference. Specify - to load the configuration from the standard input.
-b, --helm-binary string The path to the helm binary. The default is helm.
-h, --help Help for venctl components kubernetes manifest tool destroy.
-i, --interactive string Request confirmation before attempting to modify clusters.
--kube-context string Set kubectl context. Uses the current context by default.
-k, --kustomize-binary string Path to the kustomize binary. The default is kustomize.
--log-level string CLI log level (debug, info, warn, error). The default is info.
-n, --namespace string Set namespace. Uses the namespace set in the context by default, and is available in templates as "{{ .Namespace }}".
--no-color Output without color.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
-q, --quiet string Silence output. Equivalent to log-level warn.
-l, --selector stringArray Only run using the releases that match labels. Labels can take the form of foo=bar or foo!=bar. A release must match all labels in a group in order to be used. Multiple groups can be specified at once. "--selector tier=frontend,tier!=proxy --selector tier=backend" will match all frontend, non-proxy releases AND all backend releases. The name of a release can be used as a label: "--selector name=myrelease"
--skip-deps Skip running helm repo update and helm dependency build.
--skip-charts Don't prepare charts when destroying releases.
--state-values-file stringArray Specify state values in a YAML file. Used to override .Values within the helmfile template (not the values template).
--state-values-set stringArray Set state values on the command line (you can specify multiple or separate values with commas: key1=val1,key2=val2). Used to override .Values within the helmfile template (not the values template).
--strip-args-values-on-exit-error Strip the potential secret values of the helm command arguments contained in a helmfile error message. The default is true.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl components kubernetes manifest tool init

Initialize the Venafi Kubernetes Manifest tool. Performs version checking and downloads and installs Helm and other required plug-ins.

Usage:

venctl components kubernetes manifest tool init [flags]

Flags:

Flag Type Description
--allow-no-matching-release string Do not exit with an error code if the provided selector has no matching releases.
--api-key string API key you want to use to connect to Venafi Control Plane.
-c, --chart string Set chart. Uses the chart set in release by default, and is available in template as "{{ .Chart }}".
--color Output with color.
--debug Enable verbose output for Helm and set log-level to debug. This disables --quiet/-q effect.
--disable-force-update Do not force helm repos to update when executing helm repo add.
--enable-live-output string Show live output from the Helm binary Stdout/Stderr into Helmfile's own Stdout/Stderr. It only applies to the Helm CLI commands. Stdout/Stderr for Hooks are still displayed only when their execution finishes.
-e, --environment string Specify the environment name. Overrides HELMFILE_ENVIRONMENT OS environment variable when specified. The default is default.
-f, --file helmfile.yaml Load configuration from a file or directory. The default is helmfile.yaml, helmfile.yaml.gotmpl, or helmfile.d (meaning "helmfile.d/*.yaml" or "helmfile.d/*.yaml.gotmpl"), in that order of preference. Specify - to load the configuration from the standard input.
--force Do not prompt, install dependencies required by helmfile.
-b, --helm-binary string The path to the helm binary. The default is helm.
-h, --help Help for venctl components kubernetes manifest tool init.
-i, --interactive string Request confirmation before attempting to modify clusters.
--kube-context string Set kubectl context. Uses the current context by default.
-k, --kustomize-binary string Path to the kustomize binary. The default is kustomize.
--log-level string CLI log level (debug, info, warn, error). The default is info.
-n, --namespace string Set namespace. Uses the namespace set in the context by default, and is available in templates as "{{ .Namespace }}".
--no-color Output without color.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
-q, --quiet string Silence output. Equivalent to log-level warn.
-l, --selector stringArray Only run using the releases that match labels. Labels can take the form of foo=bar or foo!=bar. A release must match all labels in a group in order to be used. Multiple groups can be specified at once. "--selector tier=frontend,tier!=proxy --selector tier=backend" will match all frontend, non-proxy releases AND all backend releases. The name of a release can be used as a label: "--selector name=myrelease"
--skip-deps Skip running helm repo update and helm dependency build.
--state-values-file stringArray Specify state values in a YAML file. Used to override .Values within the helmfile template (not the values template).
--state-values-set stringArray Set state values on the command line (you can specify multiple or separate values with commas: key1=val1,key2=val2). Used to override .Values within the helmfile template (not the values template).
--strip-args-values-on-exit-error Strip the potential secret values of the helm command arguments contained in a helmfile error message. The default is true.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl components kubernetes manifest tool sync

Synchronize releases defined in the state file.

Usage:

venctl components kubernetes manifest tool sync [flags]

Flags:

Flag Type Description
--allow-no-matching-release string Do not exit with an error code if the provided selector has no matching releases.
--api-key string API key you want to use to connect to Venafi Control Plane.
--args string Pass arguments to helm exec.
--cascade string Pass cascade to helm exec. The default value is background.
-c, --chart string Set chart. Uses the chart set in release by default, and is available in template as "{{ .Chart }}".
--color Output with color.
--concurrency integer The maximum number of concurrent helm processes to run. 0 is unlimited.
--debug Enable verbose output for Helm and set log-level to debug. This disables --quiet/-q effect.
--disable-force-update Do not force helm repos to update when executing helm repo add.
--enable-live-output string Show live output from the Helm binary Stdout/Stderr into Helmfile's own Stdout/Stderr. It only applies to the Helm CLI commands. Stdout/Stderr for Hooks are still displayed only when their execution finishes.
-e, --environment string Specify the environment name. Overrides HELMFILE_ENVIRONMENT OS environment variable when specified. The default is default.
-f, --file helmfile.yaml Load configuration from a file or directory. The default is helmfile.yaml, helmfile.yaml.gotmpl, or helmfile.d (meaning "helmfile.d/*.yaml" or "helmfile.d/*.yaml.gotmpl"), in that order of preference. Specify - to load the configuration from the standard input.
-b, --helm-binary string The path to the helm binary. The default is helm.
-h, --help Help for venctl components kubernetes manifest tool sync.
-i, --interactive string Request confirmation before attempting to modify clusters.
--include-needs Automatically include releases from the target release's "needs" when --selector/-l flag is provided. Does nothing when --selector/-l flag is not provided.
--include-transitive-needs Similar to --include-needs, but also includes transitive needs (needs of needs). Does nothing when --selector/-l flag is not provided. Overrides exclusions of other selectors and conditions.
--kube-context string Set kubectl context. Uses the current context by default.
-k, --kustomize-binary string Path to the kustomize binary. The default is kustomize.
--log-level string CLI log level (debug, info, warn, error). The default is info.
-n, --namespace string Set namespace. Uses the namespace set in the context by default, and is available in templates as "{{ .Namespace }}".
--no-color Output without color.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--post-renderer string Pass --post-renderer to helm template or helm upgrade --install.
--post-renderer-args stringArray Pass --post-renderer-args to helm template or helm upgrade --install.
-q, --quiet string Silence output. Equivalent to log-level warn.
--reset-values Override helmDefaults.reuseValues helm upgrade --install --reset-values.
--reuse-values Override helmDefaults.reuseValues helm upgrade --install --reuse-values.
-l, --selector stringArray Only run using the releases that match labels. Labels can take the form of foo=bar or foo!=bar. A release must match all labels in a group in order to be used. Multiple groups can be specified at once. "--selector tier=frontend,tier!=proxy --selector tier=backend" will match all frontend, non-proxy releases AND all backend releases. The name of a release can be used as a label: "--selector name=myrelease"
--set stringArray Additional values to be merged into the helm command --set flag.
--skip-crds If set, no CRDs are installed on sync. By default, CRDs are installed if not already present.
--skip-deps Skip running helm repo update and helm dependency build.
--skip-needs Do not automatically include releases from the target release's "needs" when --selector/-l flag is provided. Does nothing when --selector/-l flag is not provided. Defaults to true when --include-needs or --include-transitive-needs is not provided. The default is true.
--state-values-file stringArray Specify state values in a YAML file. Used to override .Values within the helmfile template (not the values template).
--state-values-set stringArray Set state values on the command line (you can specify multiple or separate values with commas: key1=val1,key2=val2). Used to override .Values within the helmfile template (not the values template).
--strip-args-values-on-exit-error Strip the potential secret values of the helm command arguments contained in a helmfile error message. The default is true.
--validate Validate your manifests against the Kubernetes cluster you are currently pointing at. Note that this requires access to a Kubernetes cluster to obtain information necessary for validating, similar to the sync of available API versions.
--values stringArray Additional value files to be merged into the helm command --values flag.
--vcp-region string The Venafi Control Plane region. The default is US.
--wait Override helmDefaults.wait setting helm upgrade --install --wait.
--wait-for-jobs Override helmDefaults.waitForJobs setting helm upgrade --install --wait-for-jobs.

venctl iam service-accounts agent create

Create a new service account that can be used by Venafi Kubernetes Agent.

Usage:

venctl iam service-accounts agent create [flags]

Example:

venctl iam service-accounts agent create --credential-format secret --name sa-agent --api-key xyz

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl iam service-accounts agent create.
--credential-file string The file where you want to store the service account credentials.
--credential-format string Options for formatting the service account credentials output. Valid options are: json, secret, text. The default is text.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--name, -n string The name or ID of the service account.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--owning-team string The team to set as the owner of the service account. The team can be passed by name or ID.
--validity integer The validity, in days, for the service account that is generated. The default value is 365 days.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl iam service-accounts delete

Delete a service account from the Venafi Control Plane.

Usage:

venctl iam service-accounts delete [flags]

Example:

venctl iam service-accounts delete --name "My Service Account" --api-key xyz

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl service-accounts delete.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--name, -n string The name or ID of the service account.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--owning-team string The team to set as the owner of the service account. The team can be passed by name or ID.
--validity integer The validity, in days, for the service account that is generated. The default value is 365 days.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl iam service-accounts describe

Provides information on a service account.

Usage:

venctl iam service-accounts describe [flags]

Example:

venctl iam service-accounts describe --api-key xyz -n myaccount --output json --no-prompts >> accinfo.json

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl iam service-accounts describe.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--name, -n string The name or ID of the service account.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--owning-team string The team to set as the owner of the service account. The team can be passed by name or ID.
--validity integer The validity, in days, for the service account that is generated. The default value is 365 days.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl iam service-accounts firefly create

Create a service account for Venafi Firefly.

Usage:

venctl iam service-accounts firefly create [flags]

Examples:

To create a new service account that can be used by Venafi Firefly, type:

venctl iam service-accounts firefly create --name sa-firefly --api-key xyz

To export the service account credential in Kubernetes secret format, type:

venctl iam service-accounts firefly create --credential-format secret --name sa-firefly --api-key xyz

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl iam service-accounts firefly create.
--credential-file string The file where you want to store the service account credentials.
--credential-format string Options for formatting the service account credentials output. Valid options are: json, secret, text. The default is json.
--log-level string CLI log level (debug, info, warn, error). The default is info.
-n, --name string The name or ID of the service account.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--owning-team string The team to set as the owner of the service account. The team can be passed by name or ID.
--validity integer The validity, in days, for the service account that is generated. The default value is 365 days.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl iam service-accounts list

Lists the service accounts in the Venafi Control Plane.

Usage:

venctl iam service-accounts list [flags]

Example:

venctl iam service-accounts list --api-key xyz --output json --no-prompts >> acclist.json

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl iam service-accounts list.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--name, -n string The name or ID of the service account.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
-p, --page-size integer The number of service accounts displayed per page. Only valid for the table format. The default value is 20.
--owning-team string The team to set as the owner of the service account. The team can be passed by name or ID.
--validity integer The validity, in days, for the service account that is generated. The default value is 365 days.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl iam service-accounts registry create

Create a new service account in the Venafi Control Plane for accessing container images from the Venafi OCI registry.

Usage:

venctl iam service-accounts registry create [flags]

Example:

venctl iam service-accounts registry create --name "My Service Account" --credential-file "venafi-image-pull-secret.json" --owning-team "My Platform Team" --scopes "enterprise-cert-manager" --validity 365 --api-key xyz

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl service-accounts registry create.
--credential-file string The file where you want to store the service account credentials.
-f, --credential-format string Options for formatting the registry credentials output. Valid options are: json, secret, dockerconfig. The default is json.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--name, -n string The name or ID of the service account.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--owning-team string The team to set as the owner of the service account. The team can be passed by name or ID.
--scopes string The scopes for which the service account is created. Valid options are: enterprise-cert-manager, enterprise-approver-policy, enterprise-venafi-issuer. The default value is enterprise-cert-manager.
--validity integer The validity, in days, for the service account that is generated. The default value is 365 days.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl installation cluster connect

Connect a Kubernetes cluster to Venafi Control Plane.

Usage:

venctl installation cluster connect [flags]

Example:

venctl installation cluster connect --name "My Cluster" --api-key xyz

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
--description string A textual description for the cluster resource.
-h, --help string Help for venctl installation cluster connect.
--kubeconfig string The path to the kubeConfig file you want to use to connect to the cluster.
--kubeconfig-context string The name of the kubeConfig file context you want to use to connect to the cluster.
--log-level string CLI log level (debug, info, warn, error). The default is info.
-n, --name string Name for the cluster resource. This flag is mandatory with this command.
--namespace string The namespace where the agent is installed. The default is venafi.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--owning-team string The team set as owner of the cluster resource. The team can be passed as names or IDs.
--vcp-region string The region of Venafi Control Plane. The default is US.

venctl update

Updates the venctl binary to the latest available stable version.

Usage:

venctl update [flags]

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl update.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--vcp-region string The Venafi Control Plane region. The default is US.

venctl version

Prints the venctl version and build information.

Usage:

venctl version [flags]

Flags:

Flag Type Description
--api-key string API key you want to use to connect to Venafi Control Plane.
-h, --help string Help for venctl version.
--log-level string CLI log level (debug, info, warn, error). The default is info.
--no-prompts Allow command to run without user interaction.
-o, --output string CLI output format (one of: json, text, none). The default is text.
--vcp-region string The Venafi Control Plane region. The default is US.