Skip to content

CLI

These docs reflect the latest PyPI release.


fidesctl

The parent group for the Fidesctl CLI.

Usage:

1
fidesctl [OPTIONS] COMMAND [ARGS]...

Options:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
  --version               Show the version and exit.
  -f, --config-path TEXT  Path to a configuration file. Use 'fidesctl view-
                          config' to print the config. Not compatible with the
                          'fidesctl webserver' subcommand.

  --local                 Run in 'local_mode'. This mode doesn't make API
                          calls and can be used without the API
                          server/database.

  --help                  Show this message and exit.

fidesctl annotate

Annotate fidesctl resource types

Usage:

1
fidesctl annotate [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fidesctl annotate dataset

Guided flow for annotating datasets. The dataset file will be edited in-place.

Usage:

1
fidesctl annotate dataset [OPTIONS] INPUT_FILENAME

Options:

1
2
3
  -a, --all-members  Annotate all dataset members, not just fields
  -v, --validate     Strictly validate annotation inputs.
  --help             Show this message and exit.

fidesctl apply

Validate local manifest files and persist any changes via the API server.

Usage:

1
fidesctl apply [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
4
5
  --dry   Prevent the persistance of any changes.
  --diff  Include any changes between server and local resources in the
          command output

  --help  Show this message and exit.

fidesctl db

Database utility commands

Usage:

1
fidesctl db [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fidesctl db init

Initialize the Fidesctl database.

Usage:

1
fidesctl db init [OPTIONS]

Options:

1
  --help  Show this message and exit.

fidesctl db reset

Wipes all user-created data and resets the database back to its freshly initialized state.

Usage:

1
fidesctl db reset [OPTIONS]

Options:

1
2
  -y, --yes  Automatically responds 'yes' to any prompts.
  --help     Show this message and exit.

fidesctl delete

Delete a resource on the server.

Usage:

1
2
3
fidesctl delete [OPTIONS] [data_category|data_qualifier|data_subject|data_use|
                dataset|organization|policy|registry|system|evaluation]
                FIDES_KEY

Options:

1
  --help  Show this message and exit.

fidesctl evaluate

Compare your System's Privacy Declarations with your Organization's Policy Rules.

All local resources are applied to the server before evaluation.

If your policy evaluation fails, it is expected that you will need to either adjust your Privacy Declarations, Datasets, or Policies before trying again.

Usage:

1
fidesctl evaluate [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
4
5
6
7
8
  -k, --fides-key TEXT  The fides_key of the single policy that you wish to
                        evaluate.

  -m, --message TEXT    A message that you can supply to describe the context
                        of this evaluation.

  --dry                 Prevent the persistance of any changes.
  --help                Show this message and exit.

fidesctl export

Export fidesctl resource types

Usage:

1
fidesctl export [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fidesctl export datamap

Export a formatted data map to excel using template

The csv flag can be used to output data as csv instead

Usage:

1
fidesctl export datamap [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
  --dry   Prevent the persistance of any changes.
  --csv   Export using csv format
  --help  Show this message and exit.

fidesctl export dataset

Export a dataset in a data map format.

Usage:

1
fidesctl export dataset [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  --dry   Prevent the persistance of any changes.
  --help  Show this message and exit.

fidesctl export organization

Export an organization in a data map format.

Usage:

1
fidesctl export organization [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  --dry   Prevent the persistance of any changes.
  --help  Show this message and exit.

fidesctl export system

Export a system in a data map format.

Usage:

1
fidesctl export system [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  --dry   Prevent the persistance of any changes.
  --help  Show this message and exit.

fidesctl generate

Generate fidesctl resource types

Usage:

1
fidesctl generate [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fidesctl generate dataset

Generate fidesctl Dataset resources

Usage:

1
fidesctl generate dataset [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fidesctl generate dataset db

Connect to a database directly via a SQLAlchemy-style connection string and generate a dataset manifest file that consists of every schema/table/field.

This is a one-time operation that does not track the state of the database. It will need to be run again if the database schema changes.

Usage:

1
fidesctl generate dataset db [OPTIONS] CONNECTION_STRING OUTPUT_FILENAME

Options:

1
2
  --include-null  Includes attributes that would otherwise be null.
  --help          Show this message and exit.
fidesctl generate dataset okta

Generates datasets for your Okta applications. Connect to an Okta admin account by providing an organization url. Auth token can be supplied by setting the environment variable OKTA_CLIENT_TOKEN.

This is a one-time operation that does not track the state of the okta resources. It will need to be run again if the tracked resources change.

Usage:

1
fidesctl generate dataset okta [OPTIONS] ORG_URL OUTPUT_FILENAME

Options:

1
2
  --include-null  Includes attributes that would otherwise be null.
  --help          Show this message and exit.

fidesctl generate system

Generate fidesctl System resources

Usage:

1
fidesctl generate system [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fidesctl generate system aws

Connect to an aws account by leveraging a boto3 environment variable configuration and generate a system manifest file that consists of every tracked resource. Tracked resources: [Redshift, RDS]

This is a one-time operation that does not track the state of the aws resources. It will need to be run again if the tracked resources change.

Usage:

1
fidesctl generate system aws [OPTIONS] OUTPUT_FILENAME

Options:

1
2
3
  --include-null           Includes attributes that would otherwise be null.
  -o, --organization TEXT
  --help                   Show this message and exit.

fidesctl get

View a resource from the server as a JSON object.

Usage:

1
2
fidesctl get [OPTIONS] [data_category|data_qualifier|data_subject|data_use|dat
             aset|organization|policy|registry|system|evaluation] FIDES_KEY

Options:

1
  --help  Show this message and exit.

fidesctl init

Initializes a Fidesctl instance, creating the default directory (.fides/) and the configuration file (fidesctl.toml) if necessary.

Additionally, requests the ability to respectfully collect anonymous usage data.

Usage:

1
fidesctl init [OPTIONS] [FIDES_DIRECTORY_LOCATION]

Options:

1
  --help  Show this message and exit.

fidesctl ls

Get a list of all resources of this type from the server and display them as JSON.

Usage:

1
2
fidesctl ls [OPTIONS] [data_category|data_qualifier|data_subject|data_use|data
            set|organization|policy|registry|system|evaluation]

Options:

1
  --help  Show this message and exit.

fidesctl parse

Reads the resource files that are stored in MANIFESTS_DIR and its subdirectories to verify the validity of all manifest files.

If the taxonomy is invalid, this command prints the error messages and triggers a non-zero exit code.

Usage:

1
fidesctl parse [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
  -v, --verbose  Enable verbose output.
  --help         Show this message and exit.

fidesctl scan

Scan external resource coverage against fidesctl resources

Usage:

1
fidesctl scan [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fidesctl scan dataset

Scan fidesctl Dataset resources

Usage:

1
fidesctl scan dataset [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fidesctl scan dataset db

Connect to a database directly via a SQLAlchemy-style connection string and compare the database objects to existing datasets.

If there are fields within the database that aren't listed and categorized within one of the datasets, this counts as lacking coverage.

Outputs missing fields and has a non-zero exit if coverage is under the stated threshold.

Usage:

1
fidesctl scan dataset db [OPTIONS] CONNECTION_STRING [MANIFESTS_DIR]

Options:

1
2
  -c, --coverage-threshold INTEGER RANGE
  --help                          Show this message and exit.
fidesctl scan dataset okta

Scans your existing datasets and compares them to found Okta applications. Connect to an Okta admin account by providing an organization url. Auth token can be supplied by setting the environment variable OKTA_CLIENT_TOKEN.

Outputs missing resources and has a non-zero exit if coverage is under the stated threshold.

Usage:

1
fidesctl scan dataset okta [OPTIONS] ORG_URL [MANIFESTS_DIR]

Options:

1
2
  -c, --coverage-threshold INTEGER RANGE
  --help                          Show this message and exit.

fidesctl scan system

Scan fidesctl System resources

Usage:

1
fidesctl scan system [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.
fidesctl scan system aws

Connect to an aws account by leveraging a valid boto3 environment varible configuration and compares tracked resources to existing systems. Tracked resources: [Redshift, RDS]

Outputs missing resources and has a non-zero exit if coverage is under the stated threshold.

Usage:

1
fidesctl scan system aws [OPTIONS] [MANIFESTS_DIR]

Options:

1
2
3
  -o, --organization TEXT
  -c, --coverage-threshold INTEGER RANGE
  --help                          Show this message and exit.

fidesctl status

Sends a request to the Fidesctl API healthcheck endpoint and prints the response.

Usage:

1
fidesctl status [OPTIONS]

Options:

1
  --help  Show this message and exit.

fidesctl view

View various resources types.

Usage:

1
fidesctl view [OPTIONS] COMMAND [ARGS]...

Options:

1
  --help  Show this message and exit.

fidesctl view config

Prints the fidesctl configuration values.

Usage:

1
fidesctl view config [OPTIONS]

Options:

1
2
  --exclude-unset  Only print configuration values explicitly set by the user.
  --help           Show this message and exit.

fidesctl webserver

Starts the fidesctl API server using Uvicorn on port 8080.

Usage:

1
fidesctl webserver [OPTIONS]

Options:

1
  --help  Show this message and exit.
Back to top