--version Show the version and exit.
-f, --config-path TEXT Path to a configuration file. Use 'fides view-
config' to print the config. Not compatible with the
'fides webserver' subcommand.
--local Run in 'local_mode'. This mode doesn't make API
calls and can be used without the API
server/database.
--help Show this message and exit.
fides annotate
1
Annotate fides resource types
Usage:
1
fides annotate [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides annotate dataset
1
Guided flow for annotating datasets. The dataset file will be edited in-place.
Usage:
1
fides annotate dataset [OPTIONS] INPUT_FILENAME
Options:
123
-a, --all-members Annotate all dataset members, not just fields
-v, --validate Strictly validate annotation inputs.
--help Show this message and exit.
fides db
1
Database utility commands
Usage:
1
fides db [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides db init
1
Initialize the fides database.
Usage:
1
fides db init [OPTIONS]
Options:
1
--help Show this message and exit.
fides db reset
1
Wipes all user-created data and resets the database back to its freshly initialized state.
Usage:
1
fides db reset [OPTIONS]
Options:
12
-y, --yes Automatically responds 'yes' to any prompts.
--help Show this message and exit.
--no-pull Use a local image instead of trying to pull from DockerHub.
--no-init Disable the initialization of the Fides CLI, to run in headless
mode.
--help Show this message and exit.
fides evaluate
123456
Compare your System's Privacy Declarations with your Organization's Policy Rules.
All local resources are applied to the server before evaluation.
If your policy evaluation fails, it is expected that you will need to
either adjust your Privacy Declarations, Datasets, or Policies before trying again.
Usage:
1
fides evaluate [OPTIONS] [MANIFESTS_DIR]
Options:
12345678
-k, --fides-key TEXT The fides_key of the single policy that you wish to
evaluate.
-m, --message TEXT A message that you can supply to describe the context
of this evaluation.
-a, --audit Raise errors if resources are missing attributes
required for building a data map.
--dry Prevent the persistance of any changes.
--help Show this message and exit.
fides export
1
Export fides resource types
Usage:
1
fides export [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides export datamap
1 2 3 4 5 6 7 8 91011
Export a formatted data map to excel using the fides template.
The data map is comprised of an Organization, Systems, and Datasets.
The default organization is used, however a custom one can be
passed if required.
A custom manifest directory can be provided for the output location.
The csv flag can be used to output data as csv, while the dry
flag can be used to return data to the console instead.
Usage:
1
fides export datamap [OPTIONS]
Options:
1234567
-d, --output-dir TEXT The output directory for the data map to be exported
to.
-k, --org-key TEXT The organization_fides_key you wish to export
resources for.
--dry Prevent the persistance of any changes.
--csv Export using csv format
--help Show this message and exit.
fides export dataset
1
Export a dataset in a data map format.
Usage:
1
fides export dataset [OPTIONS] [MANIFESTS_DIR]
Options:
12
--dry Prevent the persistance of any changes.
--help Show this message and exit.
Connect to a database directly via a SQLAlchemy-style connection string and
generate a dataset manifest file that consists of every schema/table/field.
Connection string can be supplied as an option or a credentials reference
to fides config.
This is a one-time operation that does not track the state of the database.
It will need to be run again if the database schema changes.
Usage:
1
fides generate dataset db [OPTIONS] OUTPUT_FILENAME
Options:
12345
--credentials-id TEXT Use credentials defined within fides config
--connection-string TEXT Use connection string option to connect to a
database
--include-null Includes attributes that would otherwise be null.
--help Show this message and exit.
fides generate dataset gcp
1
Generate fides Dataset resources for Google Cloud Platform
Connect to a BigQuery dataset directly via a SQLAlchemy connection and
generate a dataset manifest file that consists of every schema/table/field.
A path to a google authorization keyfile can be supplied as an option, or a
credentials reference to fides config.
This is a one-time operation that does not track the state of the dataset.
It will need to be run again if the dataset schema changes.
--credentials-id TEXT Use credentials defined within fides config
--keyfile-path TEXT
--include-null Includes attributes that would otherwise be null.
--help Show this message and exit.
fides generate system
1
Generate fides System resources
Usage:
1
fides generate system [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides generate system aws
12345678
Connect to an aws account and generate a system manifest file that consists of every
tracked resource.
Credentials can be supplied as options, a credentials
reference to fides config, or boto3 environment configuration.
Tracked resources: [Redshift, RDS, DynamoDb, S3]
This is a one-time operation that does not track the state of the aws resources.
It will need to be run again if the tracked resources change.
Usage:
1
fides generate system aws [OPTIONS] OUTPUT_FILENAME
Options:
1 2 3 4 5 6 7 8 91011121314
--credentials-id TEXT Use credentials defined within fides config
--access_key_id TEXT Use access key id option to connect to aws.
Requires options --access_key_id,
--secret_access_key and --region
--secret_access_key TEXT Use access key option to connect to aws. Requires
options --access_key_id, --secret_access_key and
--region
--region TEXT Use region option to connect to aws. Requires
options --access_key_id, --secret_access_key and
--region
--include-null Includes attributes that would otherwise be null.
-k, --org-key TEXT The organization_fides_key you wish to export
resources for.
--help Show this message and exit.
fides generate system okta
1234567
Generates systems for your Okta applications. Connect to an Okta admin
account by providing an organization url and auth token or a credentials
reference to fides config. Auth token and organization url can also
be supplied by setting environment variables as defined by the okta python sdk.
This is a one-time operation that does not track the state of the okta resources.
It will need to be run again if the tracked resources change.
Usage:
1
fides generate system okta [OPTIONS] OUTPUT_FILENAME
Options:
123456789
--credentials-id TEXT Use credentials defined within fides config
--org-url TEXT Use org url option to connect to okta. Requires
options --org-url and --token
--token TEXT Use token option to connect to okta. Requires options
--org-url and --token
--include-null Includes attributes that would otherwise be null.
-k, --org-key TEXT The organization_fides_key you wish to export
resources for.
--help Show this message and exit.
fides get
1
View a resource from the server as a YAML object.
Usage:
12
fides get [OPTIONS] {data_category|data_qualifier|data_subject|data_use|datase
t|organization|policy|registry|system|evaluation} FIDES_KEY
Options:
1
--help Show this message and exit.
fides init
1234
Initializes a fides instance, creating the default directory (`.fides/`) and
the configuration file (`fides.toml`) if necessary.
Additionally, requests the ability to respectfully collect anonymous usage data.
Usage:
1
fides init [OPTIONS] [FIDES_DIRECTORY_LOCATION]
Options:
1
--help Show this message and exit.
fides ls
1
Get a list of all resources of this type from the server and display them as YAML.
Usage:
12
fides ls [OPTIONS] {data_category|data_qualifier|data_subject|data_use|dataset
|organization|policy|registry|system|evaluation}
Options:
1
--help Show this message and exit.
fides parse
1234
Reads the resource files that are stored in MANIFESTS_DIR and its subdirectories to verify
the validity of all manifest files.
If the taxonomy is invalid, this command prints the error messages and triggers a non-zero exit code.
Usage:
1
fides parse [OPTIONS] [MANIFESTS_DIR]
Options:
12
-v, --verbose Enable verbose output.
--help Show this message and exit.
fides pull
123456
Update local resource files by their fides_key to match their server versions.
Alternatively, with the "--all" flag all resources from the server will be pulled
down into a local file.
The pull is aborted if there are unstaged or untracked files in the manifests dir.
Usage:
1
fides pull [OPTIONS] [MANIFESTS_DIR]
Options:
123
-a, --all-resources TEXT Pulls all locally missing resources from the
server into this file.
--help Show this message and exit.
fides push
1
Validate local manifest files and persist any changes via the API server.
Usage:
1
fides push [OPTIONS] [MANIFESTS_DIR]
Options:
1234
--dry Prevent the persistance of any changes.
--diff Include any changes between server and local resources in the
command output
--help Show this message and exit.
fides scan
1
Scan external resource coverage against fides resources
Usage:
1
fides scan [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides scan dataset
1
Scan fides Dataset resources
Usage:
1
fides scan dataset [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides scan dataset db
123456789
Connect to a database directly via a SQLAlchemy-style connection string and
compare the database objects to existing datasets. Connection string can be
supplied as an option or a credentials reference to fides config.
If there are fields within the database that aren't listed and categorized
within one of the datasets, this counts as lacking coverage.
Outputs missing fields and has a non-zero exit if coverage is
under the stated threshold.
Usage:
1
fides scan dataset db [OPTIONS] [MANIFESTS_DIR]
Options:
123456
--credentials-id TEXT Use credentials defined within fides config
--connection-string TEXT Use connection string option to connect to a
database
-c, --coverage-threshold INTEGER RANGE
[0<=x<=100]
--help Show this message and exit.
fides scan system
1
Scan fides System resources
Usage:
1
fides scan system [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides scan system aws
1234567
Connect to an aws account and compares tracked resources to existing systems.
Credentials can be supplied as options, a credentials reference to fides
config, or boto3 environment configuration.
Tracked resources: [Redshift, RDS, DynamoDb, S3]
Outputs missing resources and has a non-zero exit if coverage is
under the stated threshold.
Usage:
1
fides scan system aws [OPTIONS] [MANIFESTS_DIR]
Options:
1 2 3 4 5 6 7 8 9101112131415
--credentials-id TEXT Use credentials defined within fides config
--access_key_id TEXT Use access key id option to connect to aws.
Requires options --access_key_id,
--secret_access_key and --region
--secret_access_key TEXT Use access key option to connect to aws.
Requires options --access_key_id,
--secret_access_key and --region
--region TEXT Use region option to connect to aws.
Requires options --access_key_id,
--secret_access_key and --region
-k, --org-key TEXT The organization_fides_key you wish to
export resources for.
-c, --coverage-threshold INTEGER RANGE
[0<=x<=100]
--help Show this message and exit.
fides scan system okta
12345678
Scans your existing systems and compares them to found Okta applications.
Connect to an Okta admin account by providing an organization url and
auth token or a credentials reference to fides config. Auth token and
organization url can also be supplied by setting environment variables
as defined by the okta python sdk.
Outputs missing resources and has a non-zero exit if coverage is
under the stated threshold.
Usage:
1
fides scan system okta [OPTIONS] [MANIFESTS_DIR]
Options:
1 2 3 4 5 6 7 8 910
--credentials-id TEXT Use credentials defined within fides config
--org-url TEXT Use org url option to connect to okta.
Requires options --org-url and --token
--token TEXT Use token option to connect to okta.
Requires options --org-url and --token
-k, --org-key TEXT The organization_fides_key you wish to
export resources for.
-c, --coverage-threshold INTEGER RANGE
[0<=x<=100]
--help Show this message and exit.
fides status
1
Sends a request to the fides API healthcheck endpoint and prints the response.
Usage:
1
fides status [OPTIONS]
Options:
1
--help Show this message and exit.
fides user
1
Click command group for interacting with user-related functionality.
Usage:
1
fides user [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides user create
123
Use credentials from the credentials file to create a new user.
Gives full permissions to the new user.
Usage:
1
fides user create [OPTIONS]
Options:
12345
-u, --username TEXT
-p, --password TEXT
-f, --first-name TEXT
-l, --last-name TEXT
--help Show this message and exit.
fides user login
1
Use credentials to get a user access token and write it to a credentials file.
Usage:
1
fides user login [OPTIONS]
Options:
123
-u, --username TEXT
-p, --password TEXT
--help Show this message and exit.
fides user permissions
List the scopes avaible to the current user.
Usage:
1
fides user permissions [OPTIONS]
Options:
1
--help Show this message and exit.
fides view
1
View various resources types.
Usage:
1
fides view [OPTIONS] COMMAND [ARGS]...
Options:
1
--help Show this message and exit.
fides view config
1
Prints the configuration values being used.
Usage:
1
fides view config [OPTIONS] [SECTION]
Options:
12
--exclude-unset Only print configuration values explicitly set by the user.
--help Show this message and exit.
fides webserver
1
Starts the fides API server using Uvicorn.
Usage:
1
fides webserver [OPTIONS]
Options:
12
-p, --port INTEGER
--help Show this message and exit.