⚠️ Porta is in beta — APIs and features may change before v1.0
Skip to content

CLI Overview

The porta CLI is the admin tool for managing your Porta identity platform from the command line. It is distributed as a standalone npm package that connects to a running Porta server via the Admin API.

Architecture

The Porta CLI has two components:

ComponentPackagePurpose
Standalone CLI@portaidentity/cliFull admin tool — 20+ commands, installs via npm
Server CLIBuilt into porta serverInfrastructure-only — init, migrate, seed, health

The standalone CLI uses the @portaidentity/sdk under the hood, authenticating via OIDC (Auth Code + PKCE) to the Porta server's Admin API. The server CLI uses direct database access for bootstrapping operations.

Installation

Install the standalone CLI globally to manage any Porta server:

bash
# Install globally
npm install -g @portaidentity/cli

# Or use npx
npx @portaidentity/cli <command>

# Verify installation
porta version

Server CLI (Docker / Development)

The server image includes infrastructure-only commands. In Docker:

bash
# Via docker exec
docker exec -it porta-app porta init
docker exec -it porta-app porta migrate up

# Via the porta.sh wrapper script
./porta init
./porta migrate up

In development:

bash
yarn porta init
yarn porta migrate up

Authentication

The standalone CLI authenticates using OIDC Authorization Code flow with PKCE:

bash
# Login (opens browser for authentication)
porta login

# Login with explicit server URL
porta login --server https://porta.example.com:3443

# Check current identity
porta whoami

# Logout
porta logout

Credentials are stored at ~/.porta/credentials.json with 0600 permissions.

Global Options

Every standalone CLI command supports these global flags:

FlagDescription
--server <url>Porta server URL (or set PORTA_SERVER env var)
--jsonOutput results as JSON instead of formatted tables
--verboseEnable verbose/debug logging
--forceSkip confirmation prompts
--insecureAllow self-signed TLS certificates

Server CLI commands support:

FlagDescription
--database-urlOverride DATABASE_URL
--redis-urlOverride REDIS_URL

Output Formatting

By default, list and show commands render results as formatted tables. Table cells are never truncated — full values, including complete UUIDs, are always printed so they can be copied directly into other commands (e.g. porta client show <full-id>).

When a table is wider than the terminal, columns are sized to fit and long values wrap onto multiple lines within their cell rather than being clipped. When output is piped or redirected (no TTY), each value is printed on a single line for easy grep/awk processing. Use --json for fully machine-readable output.

Command Reference

Standalone CLI (@portaidentity/cli)

CommandDescription
porta loginAuthenticate via OIDC (browser-based)
porta logoutClear stored credentials
porta whoamiDisplay current identity
porta versionShow CLI, SDK, and server version info
porta orgManage organizations (CRUD, status, branding, destroy)
porta appManage applications, modules, roles, permissions, claims
porta clientManage OIDC clients and secrets
porta userManage users (CRUD, status, password, roles, claims, 2FA)
porta keysManage ES256 signing keys
porta configManage system configuration
porta auditView audit log entries
porta healthCheck server health (via API)
porta provisionDeclarative environment setup from YAML/JSON
porta guiLaunch the standalone Admin GUI in your browser

Server CLI (Infrastructure Only)

These commands are available inside the Porta Docker container or development environment:

CommandDescription
porta initBootstrap admin infrastructure (direct-DB)
porta migrateRun database migrations (up/down/status)
porta seedLoad development seed data
porta healthCheck DB + Redis connectivity (direct)
porta user 2faAdmin 2FA status/disable/reset (direct-DB)

Detailed Documentation

Released under the MIT License.