Skip to content

CLI

These docs reflect the latest PyPI release.


fides

1
The parent group for the Fides CLI.

Usage:

1
fides [OPTIONS] COMMAND [ARGS]...

Options:

1
2
3
4
5
6
7
8
  --version               Show the version and exit.
  -f, --config-path TEXT  Path to a configuration file. Use 'fides view-
                          config' to print the config. Not compatible with the
                          'fides webserver' subcommand.
  --local                 Run in 'local_mode'. This mode doesn't make API
                          calls and can be used without the API
                          server/database.
  --help                  Show this message and exit.

fides annotate

1
Annotate fides resource types

Usage:

1
fides annotate [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides annotate dataset

1
Guided flow for annotating datasets. The dataset file will be edited in-place.

Usage:

1
fides annotate dataset [OPTIONS] INPUT_FILENAME

Options:

1
2
3
  -a, --all-members  Annotate all dataset members, not just fields
  -v, --validate     Strictly validate annotation inputs.
  --help             Show this message and exit.

fides db

1
Database utility commands

Usage:

1
fides db [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides db init

1
Initialize the fides database.

Usage:

1
fides db init [OPTIONS]

Options:

1
  --help  Show this message and exit.

fides db reset

1
Wipes all user-created data and resets the database back to its freshly initialized state.

Usage:

1
fides db reset [OPTIONS]

Options:

1
2
  -y, --yes  Automatically responds 'yes' to any prompts.
  --help     Show this message and exit.

fides delete

1
Delete a resource on the server.

Usage:

1
2
fides delete [OPTIONS] {data_category|data_qualifier|data_subject|data_use|dat
             aset|organization|policy|registry|system|evaluation} FIDES_KEY

Options:

1
  --help  Show this message and exit.

fides deploy

1
Deploy a sample project locally to try out Fides.

Usage:

1
fides deploy [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides deploy down

1
Stops the sample project and removes all volumes.

Usage:

1
fides deploy down [OPTIONS]

Options:

1
  --help  Show this message and exit.

fides deploy up

1
Starts the sample project via docker compose.

Usage:

1
fides deploy up [OPTIONS]

Options:

1
2
3
4
  --no-pull  Use a local image instead of trying to pull from DockerHub.
  --no-init  Disable the initialization of the Fides CLI, to run in headless
             mode.
  --help     Show this message and exit.

fides evaluate

1
2
3
4
5
6
Compare your System's Privacy Declarations with your Organization's Policy Rules.

All local resources are applied to the server before evaluation.

If your policy evaluation fails, it is expected that you will need to
either adjust your Privacy Declarations, Datasets, or Policies before trying again.

Usage:

1
fides evaluate [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
4
5
6
7
8
  -k, --fides-key TEXT  The fides_key of the single policy that you wish to
                        evaluate.
  -m, --message TEXT    A message that you can supply to describe the context
                        of this evaluation.
  -a, --audit           Raise errors if resources are missing attributes
                        required for building a data map.
  --dry                 Prevent the persistance of any changes.
  --help                Show this message and exit.

fides export

1
Export fides resource types

Usage:

1
fides export [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides export datamap

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
Export a formatted data map to excel using the fides template.

The data map is comprised of an Organization, Systems, and Datasets.

The default organization is used, however a custom one can be
passed if required.

A custom manifest directory can be provided for the output location.

The csv flag can be used to output data as csv, while the dry
flag can be used to return data to the console instead.

Usage:

1
fides export datamap [OPTIONS]

Options:

1
2
3
4
5
6
7
  -d, --output-dir TEXT  The output directory for the data map to be exported
                         to.
  -k, --org-key TEXT     The organization_fides_key you wish to export
                         resources for.
  --dry                  Prevent the persistance of any changes.
  --csv                  Export using csv format
  --help                 Show this message and exit.

fides export dataset

1
Export a dataset in a data map format.

Usage:

1
fides export dataset [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  --dry   Prevent the persistance of any changes.
  --help  Show this message and exit.

fides export organization

1
Export an organization in a data map format.

Usage:

1
fides export organization [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  --dry   Prevent the persistance of any changes.
  --help  Show this message and exit.

fides export system

1
Export a system in a data map format.

Usage:

1
fides export system [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  --dry   Prevent the persistance of any changes.
  --help  Show this message and exit.

fides generate

1
Generate fides resource types

Usage:

1
fides generate [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides generate dataset

1
Generate fides Dataset resources

Usage:

1
fides generate dataset [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fides generate dataset db
1
2
3
4
5
6
7
Connect to a database directly via a SQLAlchemy-style connection string and
generate a dataset manifest file that consists of every schema/table/field.
Connection string can be supplied as an option or a credentials reference
to fides config.

This is a one-time operation that does not track the state of the database.
It will need to be run again if the database schema changes.

Usage:

1
fides generate dataset db [OPTIONS] OUTPUT_FILENAME

Options:

1
2
3
4
5
  --credentials-id TEXT     Use credentials defined within fides config
  --connection-string TEXT  Use connection string option to connect to a
                            database
  --include-null            Includes attributes that would otherwise be null.
  --help                    Show this message and exit.
fides generate dataset gcp
1
Generate fides Dataset resources for Google Cloud Platform

Usage:

1
fides generate dataset gcp [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fides generate dataset gcp bigquery
1
2
3
4
5
6
7
Connect to a BigQuery dataset directly via a SQLAlchemy connection and
generate a dataset manifest file that consists of every schema/table/field.
A path to a google authorization keyfile can be supplied as an option, or a
credentials reference to fides config.

This is a one-time operation that does not track the state of the dataset.
It will need to be run again if the dataset schema changes.

Usage:

1
fides generate dataset gcp bigquery [OPTIONS] DATASET_NAME OUTPUT_FILENAME

Options:

1
2
3
4
  --credentials-id TEXT  Use credentials defined within fides config
  --keyfile-path TEXT
  --include-null         Includes attributes that would otherwise be null.
  --help                 Show this message and exit.

fides generate system

1
Generate fides System resources

Usage:

1
fides generate system [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fides generate system aws
1
2
3
4
5
6
7
8
Connect to an aws account and generate a system manifest file that consists of every
tracked resource.
Credentials can be supplied as options, a credentials
reference to fides config, or boto3 environment configuration.
Tracked resources: [Redshift, RDS, DynamoDb, S3]

This is a one-time operation that does not track the state of the aws resources.
It will need to be run again if the tracked resources change.

Usage:

1
fides generate system aws [OPTIONS] OUTPUT_FILENAME

Options:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
  --credentials-id TEXT     Use credentials defined within fides config
  --access_key_id TEXT      Use access key id option to connect to aws.
                            Requires options --access_key_id,
                            --secret_access_key and --region
  --secret_access_key TEXT  Use access key option to connect to aws. Requires
                            options --access_key_id, --secret_access_key and
                            --region
  --region TEXT             Use region option to connect to aws. Requires
                            options --access_key_id, --secret_access_key and
                            --region
  --include-null            Includes attributes that would otherwise be null.
  -k, --org-key TEXT        The organization_fides_key you wish to export
                            resources for.
  --help                    Show this message and exit.
fides generate system okta
1
2
3
4
5
6
7
Generates systems for your Okta applications. Connect to an Okta admin
account by providing an organization url and auth token or a credentials
reference to fides config. Auth token and organization url can also
be supplied by setting environment variables as defined by the okta python sdk.

This is a one-time operation that does not track the state of the okta resources.
It will need to be run again if the tracked resources change.

Usage:

1
fides generate system okta [OPTIONS] OUTPUT_FILENAME

Options:

1
2
3
4
5
6
7
8
9
  --credentials-id TEXT  Use credentials defined within fides config
  --org-url TEXT         Use org url option to connect to okta. Requires
                         options --org-url and --token
  --token TEXT           Use token option to connect to okta. Requires options
                         --org-url and --token
  --include-null         Includes attributes that would otherwise be null.
  -k, --org-key TEXT     The organization_fides_key you wish to export
                         resources for.
  --help                 Show this message and exit.

fides get

1
View a resource from the server as a YAML object.

Usage:

1
2
fides get [OPTIONS] {data_category|data_qualifier|data_subject|data_use|datase
          t|organization|policy|registry|system|evaluation} FIDES_KEY

Options:

1
  --help  Show this message and exit.

fides init

1
2
3
4
Initializes a fides instance, creating the default directory (`.fides/`) and
the configuration file (`fides.toml`) if necessary.

Additionally, requests the ability to respectfully collect anonymous usage data.

Usage:

1
fides init [OPTIONS] [FIDES_DIRECTORY_LOCATION]

Options:

1
  --help  Show this message and exit.

fides ls

1
Get a list of all resources of this type from the server and display them as YAML.

Usage:

1
2
fides ls [OPTIONS] {data_category|data_qualifier|data_subject|data_use|dataset
         |organization|policy|registry|system|evaluation}

Options:

1
  --help  Show this message and exit.

fides parse

1
2
3
4
Reads the resource files that are stored in MANIFESTS_DIR and its subdirectories to verify
the validity of all manifest files.

If the taxonomy is invalid, this command prints the error messages and triggers a non-zero exit code.

Usage:

1
fides parse [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  -v, --verbose  Enable verbose output.
  --help         Show this message and exit.

fides pull

1
2
3
4
5
6
Update local resource files by their fides_key to match their server versions.

Alternatively, with the "--all" flag all resources from the server will be pulled
down into a local file.

The pull is aborted if there are unstaged or untracked files in the manifests dir.

Usage:

1
fides pull [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
  -a, --all-resources TEXT  Pulls all locally missing resources from the
                            server into this file.
  --help                    Show this message and exit.

fides push

1
Validate local manifest files and persist any changes via the API server.

Usage:

1
fides push [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
4
  --dry   Prevent the persistance of any changes.
  --diff  Include any changes between server and local resources in the
          command output
  --help  Show this message and exit.

fides scan

1
Scan external resource coverage against fides resources

Usage:

1
fides scan [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides scan dataset

1
Scan fides Dataset resources

Usage:

1
fides scan dataset [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fides scan dataset db
1
2
3
4
5
6
7
8
9
Connect to a database directly via a SQLAlchemy-style connection string and
compare the database objects to existing datasets. Connection string can be
supplied as an option or a credentials reference to fides config.

If there are fields within the database that aren't listed and categorized
within one of the datasets, this counts as lacking coverage.

Outputs missing fields and has a non-zero exit if coverage is
under the stated threshold.

Usage:

1
fides scan dataset db [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
4
5
6
  --credentials-id TEXT           Use credentials defined within fides config
  --connection-string TEXT        Use connection string option to connect to a
                                  database
  -c, --coverage-threshold INTEGER RANGE
                                  [0<=x<=100]
  --help                          Show this message and exit.

fides scan system

1
Scan fides System resources

Usage:

1
fides scan system [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fides scan system aws
1
2
3
4
5
6
7
Connect to an aws account and compares tracked resources to existing systems.
Credentials can be supplied as options, a credentials reference to fides
config, or boto3 environment configuration.
Tracked resources: [Redshift, RDS, DynamoDb, S3]

Outputs missing resources and has a non-zero exit if coverage is
under the stated threshold.

Usage:

1
fides scan system aws [OPTIONS] [MANIFESTS_DIR]

Options:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
  --credentials-id TEXT           Use credentials defined within fides config
  --access_key_id TEXT            Use access key id option to connect to aws.
                                  Requires options --access_key_id,
                                  --secret_access_key and --region
  --secret_access_key TEXT        Use access key option to connect to aws.
                                  Requires options --access_key_id,
                                  --secret_access_key and --region
  --region TEXT                   Use region option to connect to aws.
                                  Requires options --access_key_id,
                                  --secret_access_key and --region
  -k, --org-key TEXT              The organization_fides_key you wish to
                                  export resources for.
  -c, --coverage-threshold INTEGER RANGE
                                  [0<=x<=100]
  --help                          Show this message and exit.
fides scan system okta
1
2
3
4
5
6
7
8
Scans your existing systems and compares them to found Okta applications.
Connect to an Okta admin account by providing an organization url and
auth token or a credentials reference to fides config. Auth token and
organization url can also be supplied by setting environment variables
as defined by the okta python sdk.

Outputs missing resources and has a non-zero exit if coverage is
under the stated threshold.

Usage:

1
fides scan system okta [OPTIONS] [MANIFESTS_DIR]

Options:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
  --credentials-id TEXT           Use credentials defined within fides config
  --org-url TEXT                  Use org url option to connect to okta.
                                  Requires options --org-url and --token
  --token TEXT                    Use token option to connect to okta.
                                  Requires options --org-url and --token
  -k, --org-key TEXT              The organization_fides_key you wish to
                                  export resources for.
  -c, --coverage-threshold INTEGER RANGE
                                  [0<=x<=100]
  --help                          Show this message and exit.

fides status

1
Sends a request to the fides API healthcheck endpoint and prints the response.

Usage:

1
fides status [OPTIONS]

Options:

1
  --help  Show this message and exit.

fides user

1
Click command group for interacting with user-related functionality.

Usage:

1
fides user [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides user create

1
2
3
Use credentials from the credentials file to create a new user.

Gives full permissions to the new user.

Usage:

1
fides user create [OPTIONS]

Options:

1
2
3
4
5
  -u, --username TEXT
  -p, --password TEXT
  -f, --first-name TEXT
  -l, --last-name TEXT
  --help                 Show this message and exit.

fides user login

1
Use credentials to get a user access token and write it to a credentials file.

Usage:

1
fides user login [OPTIONS]

Options:

1
2
3
  -u, --username TEXT
  -p, --password TEXT
  --help               Show this message and exit.

fides user permissions

List the scopes avaible to the current user.

Usage:

1
fides user permissions [OPTIONS]

Options:

1
  --help  Show this message and exit.

fides view

1
View various resources types.

Usage:

1
fides view [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fides view config

1
Prints the configuration values being used.

Usage:

1
fides view config [OPTIONS] [SECTION]

Options:

1
2
  --exclude-unset  Only print configuration values explicitly set by the user.
  --help           Show this message and exit.

fides webserver

1
Starts the fides API server using Uvicorn.

Usage:

1
fides webserver [OPTIONS]

Options:

1
2
  -p, --port INTEGER
  --help              Show this message and exit.

fides worker

1
Starts a celery worker.

Usage:

1
fides worker [OPTIONS]

Options:

1
  --help  Show this message and exit.
Back to top