CLI
These are autogenerated CLI docs that reflect the latest PyPI release.
fides
Command-line tool for the Fides privacy engineering platform.
Note: The common MANIFESTS_DIR argument _always defaults to ".fides/" if not specified._
Usage:
1 | |
fides annotate
Interactively annotate Fides resources.
Usage:
1 | |
fides annotate dataset
Interactively annotate a dataset file in-place.
Usage:
1 | |
fides db
Run actions against the application database.
Usage:
1 | |
fides db init
Runs all upgrade migrations for the Fides database.
Will also automatically initialize a fresh database.
WARNING: Deprecated, use upgrade instead.
Usage:
1 | |
fides db migrate-consent-encryption
Encrypt or decrypt v3 privacy preferences record_data.
Warning: This script is not meant for production use.
Run this while the server is stopped or no privacy preferences records are being saved, before toggling FIDES__CONSENT__CONSENT_V3_ENCRYPTION_ENABLED.
Usage:
1 | |
fides db reset
Reset the database back to its initial state.
Usage:
1 | |
fides db upgrade
Runs all upgrade migrations for the Fides database.
Will also automatically initialize a fresh database.
Usage:
1 | |
fides delete
Delete an object from the server.
Usage:
1 2 3 4 5 | |
fides deploy
Deploy a sample project locally to try out Fides.
Usage:
1 | |
fides deploy down
Stops the sample project and removes all volumes.
Usage:
1 | |
fides deploy up
Starts a sample project via docker compose.
Usage:
1 | |
fides evaluate
Evaluate System-level Privacy Declarations against Organization-level Policy Rules.
Usage:
1 | |
fides generate
Programmatically generate Fides objects.
Usage:
1 | |
fides generate dataset
Generate Fides datasets.
Usage:
1 | |
fides generate dataset aws
Generate Fides datasets from specific Amazon Web Services.
Usage:
1 | |
fides generate dataset aws dynamodb
Generates a dataset object from DynamoDB using the AWS boto3 connection config.
Usage:
1 | |
fides generate dataset db
Generate a Fides dataset by walking a database and recording every schema/table/field.
Usage:
1 | |
fides generate dataset gcp
Generate Fides datasets from Google Cloud Platform.
Usage:
1 | |
fides generate dataset gcp bigquery
Generate a dataset object from BigQuery using a SQLAlchemy connection string.
Usage:
1 | |
fides generate system
Generate Fides systems.
Usage:
1 | |
fides generate system aws
Connect to an aws account and generate a system manifest file that consists of every tracked resource.
Usage:
1 | |
fides generate system okta
Generates systems from your Okta applications. Connects via OAuth2 client credentials.
Usage:
1 | |
fides get
View an object from the server.
Usage:
1 2 3 4 5 | |
fides init
Initializes a Fides instance by creating the default directory and configuration file if not present.
Usage:
1 | |
fides ls
View all objects of a single type from the server.
Usage:
1 2 3 4 | |
fides parse
Parse all Fides objects located in the supplied directory.
Usage:
1 | |
fides pbac
Policy-Based Access Control evaluation commands.
Usage:
1 | |
fides pbac evaluate
Run the full PBAC pipeline over SQL with YAML fixtures.
Reads SQL from INPUT_FILE (or stdin), parses each statement with sqlglot, extracts table references, and runs the full pipeline (identity resolution, dataset resolution, purpose evaluation, gap reclassification, policy filtering) via the Go evaluation library.
Example: fides pbac evaluate \ --config pbac/ \ --identity alice@demo.example \ pbac/entries/alice.txt
Usage:
1 | |
fides pbac evaluate-policies
Evaluate access policies against a PBAC violation.
Reads JSON from INPUT_FILE (or stdin if omitted).
Expected JSON schema: { "policies": [ { "key": "allow-marketing", "priority": 100, "enabled": true, "decision": "ALLOW", "match": {"data_use": {"any": ["marketing"]}}, "unless": [...], "action": {"message": "..."} } ], "request": { "data_uses": ["marketing.advertising"], "data_categories": ["user.contact.email"], "context": {"consent": {"do_not_sell": "opt_out"}} } }
Usage:
1 | |
fides pbac evaluate-purpose
Evaluate purpose overlap between a consumer and datasets.
Reads JSON from INPUT_FILE (or stdin if omitted).
Expected JSON schema: { "consumer": { "consumer_id": "...", "consumer_name": "...", "purpose_keys": ["billing", "analytics"] }, "datasets": { "dataset_key": { "dataset_key": "...", "purpose_keys": ["billing"], "collection_purposes": {"collection_name": ["purpose1"]} } }, "collections": {"dataset_key": ["collection1", "collection2"]} }
Usage:
1 | |
fides pull
Update local resource files based on the state of the objects on the server.
Usage:
1 | |
Options:
1 | |
fides pull all
Retrieve all resources from the server and update the local manifest files.
Usage:
1 | |
Options:
1 2 3 | |
fides pull data_category
Retrieve a specific data_category from the server and update the local manifest files.
Usage:
1 | |
Options:
1 | |
fides pull data_subject
Retrieve a specific data_subject from the server and update the local manifest files.
Usage:
1 | |
Options:
1 | |
fides pull data_use
Retrieve a specific data_use from the server and update the local manifest files.
Usage:
1 | |
Options:
1 | |
fides pull dataset
Retrieve datasets from the server and update the local manifest files.
If FIDES_KEY is provided, only that dataset will be pulled. If --all-resources is specified, all datasets will be pulled. If --separate-files is specified, each dataset will be written to a separate file.
Usage:
1 | |
Options:
1 2 3 4 | |
fides pull system
Retrieve a specific system from the server and update the local manifest files.
Usage:
1 | |
Options:
1 | |
fides push
Parse local manifest files and upload them to the server.
Usage:
1 | |
fides scan
Scan and report on discrepancies between Fides resource files and real infrastructure.
Usage:
1 | |
fides scan dataset
Scan and report on Fides Dataset resources.
Usage:
1 | |
fides scan dataset db
Scan a database directly using a SQLAlchemy-style connection string.
If there are fields within the database that aren't listed and categorized within one of the datasets, this counts as lacking coverage.
Usage:
1 | |
fides scan system
Scan and report on Fides System resources.
Usage:
1 | |
fides scan system aws
Scan an AWS account and compare objects with annotated Fides Systems.
Scannable resources: [Redshift, RDS, DynamoDb, S3]
Usage:
1 | |
fides scan system okta
Scan an Okta account and compare applications with annotated Fides Systems.
Usage:
1 | |
fides status
Check Fides server availability.
Usage:
1 | |
fides user
Click command group for interacting with user-related functionality.
Usage:
1 | |
fides user create
Use the credentials file to create a new user. Gives full permissions to the new user.
Usage:
1 | |
fides user login
Authenticate with the webserver and generate a user access token. Then store those credentials in a credentials file.
Usage:
1 | |
fides user permissions
List the directly-assigned scopes and roles available to the current user.
Usage:
1 | |
fides view
View various resources types.
Usage:
1 | |
fides view config
Prints the configuration values being used for this command-line instance.
Note: To see the configuration values being used by the webserver, GET the /api/v1/config endpoint.
Usage:
1 | |
fides view credentials
Prints the credentials file.
Usage:
1 | |
fides webserver
Start the Fides webserver.
Requires Redis and Postgres to be configured and running
Usage:
1 | |
fides worker
Start a Celery worker for the Fides webserver.
Usage:
1 | |