Permit CLI: Quickstart & Reference

The Permit CLI is a powerful command-line tool for managing your Permit projects, policies, users, and environments. It enables you to automate workflows, integrate with CI/CD, and manage authorization as code—directly from your terminal.

Key Use Cases:

• Project and environment setup
• Policy and role management
• User and group management
• Automation and scripting
• Integration with GitOps, Terraform, and CI/CD

---

Permit CLI

The Permit CLI is an open-source command-line tool that empowers developers to manage, test, and automate fine-grained access control across applications.

What You Can Do with Permit CLI

• ⚙️ Create and manage authorization policies in projects and environments
• 🧪 Test and validate access control with audit log replays and end-to-end simulations
• 🚀 Run and interact with Policy Decision Points (PDPs) locally or remotely
• 🏗️ Automate policy operations in CI/CD with IaC and GitOps
• ✨ Generate policies from natural language using AI
• 🔐 Manage users, roles, and permissions directly from your terminal

💡 The CLI is fully open source and is built with Pastel, using TypeScript and a React-style architecture. Contributions welcome!

Installation

The Permit CLI is now available only via npm and requires a Node.js installation to run.

npm install -g @permitio/cli

Usage

All the commands in the CLI are available via the permit command in the following convention:

$ permit [command] [options]

For example:

$ permit pdp check --user user@permit.io --action list --resource transactions

---

Full Command-List

Below is a categorized overview of all available Permit CLI commands:

Authentication

• permit login – Log in to your Permit.io account and authenticate your session.
• permit logout – Log out and clear stored credentials.

PDP (Policy Decision Point) Operations

• permit pdp run – Start a Permit PDP container using Docker.
• permit pdp check – Perform real-time authorization checks against the PDP.
• permit pdp stats – View performance metrics and audit statistics from your PDP instance.
• permit pdp check-url – Check if a user has permission to access a specific URL.

SDLC

• Automate environment creation and management
  • permit env create – Create a new environment.
  • permit env copy – Copy policies between environments.
  • permit env delete – Delete an environment.
  • permit env member – Add members to an environment and assign roles.
  • permit env select – Switch active environment context.
• Terraform and IaC
  • permit env export terraform

Fine-Grained Authorization Configuration

• AI-Powered Policy Generation

  • permit policy create ai - Use natural language to generate and apply structured RBAC policies using AI.

• Interactive Policy Wizard

  • permit init - Initialize the policy creation wizard.
  • permit policy create simple - Use a table-style wizard or command-line arguments to define a policy with resources, actions, and roles.

• Permissions Templates

  • permit env template list – List available policy templates to apply.
  • permit env template apply – Apply a policy template to your current environment.

• OpenAPI -x Extensions for Policy Configuration

  • permit env apply openapi - Create a full policy schema in Permit by reading an OpenAPI spec file and using -x-permit extensions.

• API Commands

  • permit api sync user - Create or update a user with attributes and role assignments.
  • permit api users list - List all users in your Permit.io account.
  • permit api users assign - Assign a role to a user within a specified tenant.
  • permit api users unassign - Remove a role assignment from a user.
  • permit api create proxy - Create a new proxy config inside the Permit.io system.
  • permit api list proxy - List all the proxy configs defined within an environment.

Policy Testing

• permit test run audit – Audit your policy decisions against recent logs.
• E2E Tests
  • permit test generate e2e – Generate end-to-end policy test configurations and (optionally) test data.

Custom Rego (OPA) and GitOps

• Sync policies to Git Repositories
  • permit gitops create github - Set up GitOps integration for a Permit environment using a GitHub repository.
  • permit gitops env clone - Clone an environment or an entire project from a GitOps repository.
• Extend Predefined Policies with Custom Rego (Open Policy Agent)
  • permit opa policy - Print policies from a running OPA (Open Policy Agent) instance.

---

In-Depth Command Overview

Basic Commands: Authentication

permit login

You must log in to your Permit.io account to run commands.

The login command will take you to the browser to perform user authentication and then let you choose the workspace, project, and environment for future command runs.

Arguments (Optional):

• --api-key <string> - store a Permit API key in your workstation keychain instead of running browser authentication
• --workspace <string> - predefined workspace key to skip the workspace selection step

Example:

$ permit login

---

permit logout

This command will log you out of your Permit account and remove the stored key from your workspace.

Example:

$ permit logout

---

Further Reading & Related Tools

• Permit CLI GitHub README
• Terraform Provider Integration
• GitOps with Permit
• CI/CD & Permit Checks
• Permit SDKs