chainctl Reference on

chainctl Reference onhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/Recent content in chainctl Reference onHugo -- gohugo.ioen-USTue, 20 Sep 2022 08:49:15 +0000chainctlhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl/chainctl Chainguard Control chainctl [flags] Options --api string The url of the Chainguard platform API. (default "https://console-api.enforce.dev") --audience string The Chainguard token audience to request. (default "https://console-api.enforce.dev") --config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly. --console string The url of the Chainguard platform Console. (default "https://console.chainguard.dev") --force-color Force color output even when stdout is not a TTY. -h, --help Help for chainctl --issuer string The url of the Chainguard STS endpoint.chainctl authhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth/chainctl auth Auth related commands for the Chainguard platform. Options inherited from parent commands --api string The url of the Chainguard platform API. (default "https://console-api.enforce.dev") --audience string The Chainguard token audience to request. (default "https://console-api.enforce.dev") --config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly. --console string The url of the Chainguard platform Console. (default "https://console.chainguard.dev") --force-color Force color output even when stdout is not a TTY.chainctl auth configure-dockerhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_configure-docker/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_configure-docker/chainctl auth configure-docker Configure a Docker credential helper chainctl auth configure-docker [flags] Options --headless Skip browser authentication and use device flow. --identity string The unique ID of the identity to assume when logging in. --identity-provider string The unique ID of the customer managed identity provider to authenticate with --identity-token string Use an explicit passed identity token or token path. --name string Optional name for the pull token (default "pull-token") --org-name string Organization to use for authentication.chainctl auth delete-accounthttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_delete-account/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_delete-account/chainctl auth delete-account Permanently delete your user account. chainctl auth delete-account [flags] Options -y, --yes Automatic yes to prompts; assume "yes" as answer to all prompts and run non-interactively. Options inherited from parent commands --api string The url of the Chainguard platform API. (default "https://console-api.enforce.dev") --audience string The Chainguard token audience to request. (default "https://console-api.enforce.dev") --config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly.chainctl auth loginhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_login/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_login/chainctl auth login Login to the Chainguard platform. chainctl auth login [--invite-code=INVITE_CODE] [--identity-token=PATH_TO_TOKEN] [--identity=IDENTITY_ID] [--identity-provider=IDP_ID] [--org-name=ORG_NAME] [--audience=AUDIENCE]... [--social-login={email|google|github|gitlab}] [--headless] [--prefer-ambient-credentials] [--refresh] [--output=id|json|none|table] Examples # Default auth login flow: chainctl auth login # Refreshing a token within a Kubernetes context: chainctl auth login --identity-token=PATH_TO_TOKEN --refresh # Headless login using --org-name chainctl auth login --headless --org-name my-org # Register by accepting an invite to an existing location chainctl auth login --invite-code eyJncnAiOiI5MzA.chainctl auth logouthttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_logout/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_logout/chainctl auth logout Logout from the Chainguard platform. chainctl auth logout [--audience=AUDIENCE] Options inherited from parent commands --api string The url of the Chainguard platform API. (default "https://console-api.enforce.dev") --audience string The Chainguard token audience to request. (default "https://console-api.enforce.dev") --config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly. --console string The url of the Chainguard platform Console. (default "https://console.chainguard.dev") --force-color Force color output even when stdout is not a TTY.chainctl auth pull-tokenhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_pull-token/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_pull-token/chainctl auth pull-token Create a pull token. chainctl auth pull-token [flags] Options --name string Optional name for the pull token. (default "pull-token") --parent string The IAM organization or folder with which the pull token identity is associated. --repository string The repository type to create a pull token for. Must be one of: oci, apk, java, python, javascript. (default "oci") --save Save the OCI registry pull token to the Docker configuration.chainctl auth pull-token createhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_pull-token_create/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_pull-token_create/chainctl auth pull-token create Create a pull token. chainctl auth pull-token create [--save=true|false] [--name=NAME] [--ttl=NUM_HOURS_ACTIVE] [--parent=PARENT] [--repository={oci|apk|java|python|javascript}] [flags] Examples # Create a pull token for container registry pull access. chainctl auth pull-token create # Create a pull token for pull access to a library ecosystem. chainctl auth pull-token create --repository=java # Create a pull token that lasts for 24 hours. chainctl auth pull-token create --ttl=24h # Create a pull token for a particular organization.chainctl auth pull-token listhttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_pull-token_list/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_pull-token_list/chainctl auth pull-token list List all pull-tokens chainctl auth pull-token list [--parent=PARENT] [--expired=true|false] [--repository={oci|apk|java|python|javascript}] [flags] Examples # List all pull tokens. chainctl auth pull-token list # List all pull tokens associated with the Java library ecosystem. chainctl auth pull-token list --repository=java # List expired pull tokens. chainctl auth pull-token list --expired # List pull tokens associated to a particular organization. chainctl auth pull-token list --parent=my-org # List all expired APK pull tokens.chainctl auth statushttps://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_status/Thu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainctl/chainctl-docs/chainctl_auth_status/chainctl auth status Inspect the local Chainguard Token. chainctl auth status [--output=json|table|terse] [flags] Options --headless Skip browser authentication and use device flow. --identity string The unique ID of the identity to assume when logging in. --identity-provider string The unique ID of the customer managed identity provider to authenticate with --identity-token string Use an explicit passed identity token or token path. --org-name string Organization to use for authentication. If configured the organization's custom identity provider will be used --quick Whether to perform quick offline token checks (vs.