Skip to content

confluentinc/cli

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Confluent CLI

Release Build Status

The Confluent CLI lets you manage your Confluent Cloud and Confluent Platform deployments, right from the terminal.

Documentation

The Confluent CLI Overview shows how to get started with the Confluent CLI.

The Confluent CLI Command Reference contains information on command arguments and flags, and is programmatically generated from this repository.

Contributing

All contributions are appreciated, no matter how small! When opening a PR, please make sure to follow our contribution guide.

Installation

The Confluent CLI is available to install for macOS, Linux, and Windows.

Homebrew

Install the latest version of confluent to /usr/local/bin:

brew install confluentinc/tap/cli

Or, optionally install the FIPS-140 compatible version of confluent:

brew install confluentinc/tap/cli-fips

Then, follow the instructions below in the section titled "Build an OpenSSL FIPS Provider for FIPS-140 Mode".

APT (Ubuntu and Debian)

Install the latest version of confluent to /usr/bin (requires glibc 2.17 or above for amd64 and glibc 2.27 or above for arm64):

wget -qO - https://packages.confluent.io/confluent-cli/deb/archive.key | sudo apt-key add -
sudo apt install software-properties-common
sudo add-apt-repository "deb https://packages.confluent.io/confluent-cli/deb stable main"
sudo apt update && sudo apt install confluent-cli

YUM (RHEL and CentOS)

Install the latest version of confluent to /usr/bin (requires glibc 2.17 or above for amd64 and glibc 2.27 or above for arm64):

sudo rpm --import https://packages.confluent.io/confluent-cli/rpm/archive.key
sudo yum install yum-utils
sudo yum-config-manager --add-repo https://packages.confluent.io/confluent-cli/rpm/confluent-cli.repo
sudo yum clean all && sudo yum install confluent-cli

Windows

  1. Download the latest Windows ZIP file from https://github.com/confluentinc/cli/releases/latest
  2. Unzip confluent_X.X.X_windows_amd64.zip
  3. Run confluent.exe

Docker

Pull the latest version:

docker pull confluentinc/confluent-cli:latest

Pull confluent v3.6.0:

docker pull confluentinc/confluent-cli:3.6.0

Building from Source

make build
dist/confluent_$(go env GOOS)_$(go env GOARCH)/confluent -h

Cross Compile for Other Platforms

From darwin/amd64 or darwin/arm64, you can build the CLI for any other supported platform.

To build for darwin/amd64 from darwin/arm64, run the following:

GOARCH=amd64 make build

To build for darwin/arm64 from darwin/amd64, run the following:

GOARCH=arm64 make build

To build for linux/amd64 (glibc or musl), run the following:

brew install FiloSottile/musl-cross/musl-cross
GOOS=linux GOARCH=amd64 make cross-build

To build for linux/arm64 (glibc or musl), run the following:

brew install FiloSottile/musl-cross/musl-cross
GOOS=linux GOARCH=arm64 make cross-build

To build for windows/amd64, run the following:

brew install mingw-w64
GOOS=windows GOARCH=amd64 make cross-build

Building for macOS in FIPS-140 mode

Linux is built in FIPS-140 mode by default. To build the CLI for macOS in FIPS-140 mode, set the GOLANG_FIPS environment variable to "1":

GOLANG_FIPS=1 make build

Then, follow the instructions in the next section to build an OpenSSL FIPS provider.

Build an OpenSSL FIPS Provider for FIPS-140 Mode

wget "https://www.openssl.org/source/openssl-3.0.9.tar.gz"
tar -xvf openssl-3.0.9.tar.gz
cd openssl-3.0.9/
./Configure enable-fips
make install_fips DESTDIR=install

Copy the generated files into the Homebrew OpenSSL directory:

cp install/usr/local/lib/ossl-modules/fips.dylib /opt/homebrew/Cellar/openssl@3/<version>/lib/ossl-modules
cp install/usr/local/ssl/fipsmodule.cnf /opt/homebrew/etc/openssl@3/

Create a new OpenSSL configuration file for FIPS-140 mode:

cp /opt/homebrew/etc/openssl@3/openssl.cnf /opt/homebrew/etc/openssl@3/openssl-fips.cnf

Append the following to openssl-fips.cnf:

config_diagnostics = 1
openssl_conf = openssl_init

.include /opt/homebrew/etc/openssl@3/fipsmodule.cnf

[openssl_init]
providers = provider_sect
ssl_conf = ssl_module
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect
default = default_sect

[default_sect]
activate = 1

[algorithm_sect]
default_properties = fips=yes

[ssl_module]
system_default = crypto_policy

[crypto_policy]
CipherString = @SECLEVEL=2:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
Ciphersuites = TLS_AES_256_GCM_SHA384
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224

Run the Confluent CLI in FIPS-140 mode:

env \
 DYLD_LIBRARY_PATH=/opt/homebrew/Cellar/openssl@3/<version>/lib \
 OPENSSL_CONF=/opt/homebrew/etc/openssl@3/openssl-fips.cnf \
 GOLANG_FIPS=1 \
 confluent version