v0.0.x

Config

Using the config command, it is possible to manage the CLI configurations.

The configuration file is stored in ~/.permguard/config.toml.

 Usage:
  permguard config [flags]
  permguard config [command]

Available Commands:
  get         Get configuration items
  reset       Reset the cli config settings
  set         Set configuration items
  show        Show current CLI configuration

Flags:
  -h, --help   help for config

Global Flags:
  -o, --output string            output format (default "terminal")
      --spiffe-enabled           enable native SPIFFE mTLS via Workload API
      --spiffe-endpoint string   SPIFFE Workload API socket path (defaults to SPIFFE_ENDPOINT_SOCKET env)
      --tls-ca-file string       path to CA certificate for server verification (PEM)
      --tls-cert-file string     path to client certificate for mTLS (PEM)
      --tls-key-file string      path to client private key for mTLS (PEM)
      --tls-skip-verify          skip server certificate verification (insecure, dev only)
  -v, --verbose                  true for verbose output
  -w, --workdir string           workdir (default ".")

Use "permguard config [command] --help" for more information about a command.

caution

The output from your current version of Permguard may differ from the example provided on this page.

Reset the Config

The permguard config reset command allows to reset the CLI configurations.

permguard config reset

output:

 The cli config file ~/.permguard/config.toml has been reset.

JSON Output

permguard config reset --output json

output:

{
  "cli": {
    "config_file": "~/.permguard/config.toml"
  }
}

Show Current Configuration

The permguard config show command displays all current CLI configuration settings.

permguard config show

output:

endpoints.zap: grpc://localhost:9091
endpoints.pap: grpc://localhost:9092
endpoints.pdp: grpc://localhost:9094
language: cedar
authstar.max-object-size: 5242880
notp.max-packet-size: 16777216

JSON Output

permguard config show --output json

output:

{
  "endpoints": {
    "zap": "grpc://localhost:9091",
    "pap": "grpc://localhost:9092",
    "pdp": "grpc://localhost:9094"
  },
  "language": "cedar",
  "authstar": {
    "max_object_size": 5242880
  },
  "notp": {
    "max_packet_size": 16777216
  }
}

Endpoints

Endpoints define the connection address for each Permguard service. The endpoint value must include a scheme prefix followed by hostname:port.

The supported schemes are:

Scheme	Transport	When to use
`grpc://`	Plaintext gRPC	Server running with `--server-tls-mode=none` (default)
`grpcs://`	TLS-encrypted gRPC	Server running with `--server-tls-mode=tls`, `mtls`, or when TLS is terminated externally
`http://`	Plaintext HTTP	HTTP gateway, no encryption
`https://`	TLS-encrypted HTTP	HTTP gateway with TLS

tip

When the server has TLS enabled, switch all endpoints from grpc:// to grpcs://. If you see errors like connection reset by peer, it typically means the scheme does not match the server's TLS configuration.

Set Endpoints

Endpoints can be set using the following commands.

Plaintext (default, no TLS):

permguard config set zap-endpoint grpc://localhost:9091

permguard config set pap-endpoint grpc://localhost:9092

permguard config set pdp-endpoint grpc://localhost:9094

TLS-enabled server:

permguard config set zap-endpoint grpcs://localhost:9091

permguard config set pap-endpoint grpcs://localhost:9092

permguard config set pdp-endpoint grpcs://localhost:9094

Get Endpoints

The endpoints can be retrieved using the following commands:

permguard config get zap-endpoint

permguard config get pap-endpoint

permguard config get pdp-endpoint

JSON Output

permguard config get pdp-endpoint -o json

output:

{ "pdp_endpoint": "grpc://localhost:9094" }

Authstar Max Object Size

The authstar-max-object-size setting defines the maximum allowed size in bytes for objects in the authstar storage (commits, trees, blobs). The default value is 5242880 (5MB).

Set Authstar Max Object Size

permguard config set authstar-max-object-size 10485760

Get Authstar Max Object Size

permguard config get authstar-max-object-size

JSON Output

permguard config get authstar-max-object-size -o json

output:

{ "authstar_max_object_size": 5242880 }

NOTP Max Packet Size

The notp-max-packet-size setting defines the maximum allowed packet size in bytes for the NOTP (Network Object Transfer Protocol) transport layer. The default value is 16777216 (16MB).

Set NOTP Max Packet Size

permguard config set notp-max-packet-size 16777216

Get NOTP Max Packet Size

permguard config get notp-max-packet-size

JSON Output

permguard config get notp-max-packet-size -o json

output:

{ "notp_max_packet_size": 16777216 }

Reset the Config​

Show Current Configuration​

Endpoints​

Set Endpoints​

Get Endpoints​

Authstar Max Object Size​

Set Authstar Max Object Size​

Get Authstar Max Object Size​

NOTP Max Packet Size​

Set NOTP Max Packet Size​

Get NOTP Max Packet Size​

Reset the Config

Show Current Configuration

Endpoints

Set Endpoints

Get Endpoints

Authstar Max Object Size

Set Authstar Max Object Size

Get Authstar Max Object Size

NOTP Max Packet Size

Set NOTP Max Packet Size

Get NOTP Max Packet Size