Privasys
Privasys CLI

Overview

The privasys command-line interface. Sign in with your wallet, deploy WASM or container apps, manage keys in the vault, and verify hardware attestation from your terminal, your CI pipeline, or an AI agent.

The privasys CLI is a single binary that drives the whole Privasys Platform: wallet authentication, the app lifecycle, the vault key store, teams, billing, and client-side attestation. It is built for three audiences: developers, CI pipelines, and AI agents.

It talks only to the public platform API and, for the data plane, directly to enclaves over RA-TLS. There is no proprietary control plane in the path when you call or attest an app.

The source is public and AGPL-3.0 at github.com/Privasys/cli.

Quickstart

curl -fsSL https://raw.githubusercontent.com/Privasys/cli/main/install.sh | sh

privasys auth login                          # scan the QR with your Privasys Wallet
privasys apps deploy my-app --watch          # build, roll out, and follow progress
privasys attest my-app                       # challenge the enclave and verify its quote
privasys apps call my-app hello --data '{}'  # call it directly over RA-TLS

Commands that take an app accept either its id or its name.

The rule that matters

privasys attest connects to the app's enclave, challenges it with a fresh nonce, and verifies the hardware quote against the attestation server. Attestation is client-side: you trust the enclave's hardware evidence, never the control plane. Attest before you trust an endpoint.

In this section

Command groups

GroupCommands
appslist, describe, create, store-listing, upload, delete, versions (incl. stage/pending/promote/revoke), deploy, update, upgrade, rotate-key, export-key, cosign, migrate-constellation, deployments, stop, api, mcp, call, configure, action, builds, owners
vaultcreate, list, rm; key create/list/rm/sign/public/wrap/unwrap/rotate/audit; serve (Azure Key Vault-shaped REST facade)
secretscreate, export (user-owned keys in the vault)
registryadd, status, rm (private-image pull credentials)
accountshow, update
teamlist, add, set-role, remove
billingbalance, usage, ledger, status, subscribe, buy-credits, portal
attestattest <app>
authlogin, begin, poll, activate-service-account, whoami, print-access-token, list, logout
agentsinit
mcpserve
configset, get, list
Edit on GitHub