
# Hanzo IAM CLI

Using Hanzo IAM's official command-line interface for managing users, groups, and permissions

Hanzo IAM CLI is the official command-line interface for Hanzo IAM, providing a powerful and intuitive way to manage your Hanzo IAM identity and access management system directly from the terminal.

GitHub repository: https://github.com/iam/iam-cli

## Features

### OAuth2 Browser-Based Authentication

The CLI uses a secure browser-based OAuth2 flow for authentication, ensuring your credentials are protected through Hanzo IAM's standard authentication mechanism.

### Secure Token Storage

Credentials are safely stored using your system's keyring interface (GNOME Keyring on Linux, Keychain on macOS), ensuring tokens never touch disk in plaintext.

### User Management

Create, update, and delete users with ease directly from the command line.

### Permission Management

Control user permissions through Hanzo IAM's group feature with built-in roles:

- lector: Read-only access
- editor: Can create users, with limited modification rights
- administrator: Full control over user creation, modification, and deletion

### Group Management

Create, modify, and delete user groups to organize users and manage permissions efficiently.

## Installation

### Prerequisites

- Go 1.22.0 or higher
- macOS or Linux operating system
- GNOME Keyring (Linux) or Keychain (macOS) for secure credential storage

:::caution

Platform Support: Currently supports macOS and Linux (tested on Debian 12 and macOS Sonoma). Windows support via WSL is not available as the CLI requires GNOME's Secret Service DBus interface (GNOME Keyring) for secure credential storage.

:::

### macOS

```bash
make build TARGET_OS=darwin && make install TARGET_OS=darwin
```

### Linux

```bash
make build TARGET_OS=linux && make install TARGET_OS=linux
```

### Configure Your Shell

After installation, add `iam-cli` to your `PATH`:

**For Bash users:**

```bash
echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
```

**For Zsh users:**

```bash
echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.zshrc
source ~/.zshrc
```

Verify the installation:

```bash
iam --help
```

## Configuration

### Hanzo IAM server

You need a Hanzo IAM application for the CLI:

1. **Bootstrap data:** Use the repo’s `init_data.json` and follow [Data initialization](/docs/deployment/data-initialization).
2. **Manual:** Create and configure an application in the Hanzo IAM admin panel.

### CLI Configuration

On first run, the CLI prompts for a `config.yaml` with your Hanzo IAM connection details. Use the repo’s `config.yaml.example` as a template.

**Required configuration fields:**

```yaml
application_name: your-app-name
iam_endpoint: https://your-iam-instance.com
certificate: |
  -----BEGIN CERTIFICATE-----
  Your certificate content here
  -----END CERTIFICATE-----
client_id: your-client-id
client_secret: your-client-secret
organization_name: your-organization
redirect_uri: http://localhost:9000/callback
```

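Your configuration is stored in `~/.iam-cli/config.yaml` (base64 encoded) for subsequent use. Base64 is an encoding, not encryption, so access to this file, which includes `client_secret`, depends on its filesystem permissions.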
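A permission and content check for the stored config file, as an added example that is not part of the iam-cli project. The function names `file_mode` and `audit_config` are hypothetical, and the check assumes the whole file is a single base64 blob wrapping the YAML shown above; the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a base64-encoded CLI config file.
# Assumption: the file is one base64 blob wrapping the YAML fields above.

# Print the octal permission bits of a file (GNU stat first, then BSD/macOS).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_config PATH
# Prints findings. Returns 0 if permissions are owner-only,
# 1 if group/other bits are set, 2 if the file does not exist.
audit_config() {
  _path="$1"
  _findings=0
  [ -f "$_path" ] || { echo "missing: $_path"; return 2; }

  _mode="$(file_mode "$_path")"
  # Any group/other bit means other local accounts may read the file.
  if [ $(( 0$_mode & 077 )) -ne 0 ]; then
    echo "FINDING: $_path has mode $_mode; expected 600"
    _findings=1
  fi

  # Base64 decodes without a key, so read access is enough to get the secret.
  if base64 --decode < "$_path" 2>/dev/null | grep -q '^client_secret:'; then
    echo "NOTE: client_secret is recoverable by anyone who can read $_path"
  fi
  return "$_findings"
}

# Demo on a constructed sample file (not a real config).
demo_dir="$(mktemp -d)"
printf 'client_id: demo-id\nclient_secret: constructed-secret\n' \
  | base64 > "$demo_dir/config.yaml"
chmod 644 "$demo_dir/config.yaml"
audit_config "$demo_dir/config.yaml" || true
rm -rf "$demo_dir"
```

To check a real installation, call `audit_config ~/.iam-cli/config.yaml` and tighten the mode with `chmod 600` if a finding is reported.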

## Usage

### Available Commands

```text
Usage:
  iam [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  groups      Manage Hanzo IAM permissions
  help        Help about any command
  login       Login to your Hanzo IAM account
  logout      Logout from your Hanzo IAM account
  users       Manage Hanzo IAM users

Flags:
  -d, --debug   verbose logging
  -h, --help    help for iam
```

### Login

To authenticate with your Hanzo IAM instance:

```bash
iam login
```

This will open your default browser for OAuth2 authentication.

### Managing Users

```bash
# List users
iam users list

# Create a user
iam users create

# Update a user
iam users update

# Delete a user
iam users delete
```

### Managing Groups

```bash
# List groups
iam groups list

# Create a group
iam groups create

# Update a group
iam groups update

# Delete a group
iam groups delete
```

### Logout

To logout from your Hanzo IAM account:

```bash
iam logout
```

## Development

### Local Development Environment

A Docker Compose environment is provided in the repository for local testing and development:

```bash
docker compose up -d
```

:::note

Allow a few moments for the Hanzo IAM container to fully initialize. The container will restart multiple times as it sets up the database.

:::

### Development Configuration

Create a `config.yaml` file from the provided `config.yaml.example` template at the repository root with your local development settings.

### Testing the CLI

Test the login functionality with the default development credentials provided in the repository documentation.

**Run directly with Go:**

```bash
go run main.go login
```

**Or build and install first:**

```bash
make build TARGET_OS=darwin && make install TARGET_OS=darwin  # For macOS
# OR
make build TARGET_OS=linux && make install TARGET_OS=linux    # For Linux

iam login
```
