LogoLogo
Ockam.ioOpen Source CodeContact usSign up
  • Intro to Ockam
  • Ockam's core concepts
  • Get started demo
  • Quickstarts
    • Add secure connectivity to your SaaS product
    • Snowflake federated queries to Postgres
    • Postgres to Snowflake
    • Snowflake to Postgres
    • Kafka to Snowflake
    • Snowflake to Kafka
    • Snowflake stage as SFTP server
    • Snowflake stage as WebDAV file share
    • Snowflake hosted private APIs
    • Federated queries from Snowflake
  • ENCRYPTED PORTALS TO ...
    • Databases
      • PostgreSQL
        • Docker
        • Kubernetes
        • Amazon RDS
        • Amazon Aurora
      • MongoDB
        • Docker
        • Kubernetes
        • Amazon EC2
      • InfluxDB
        • Amazon Timestream
    • APIs
      • Nodejs
      • Python
    • AI
      • Amazon Bedrock
      • Amazon EC2
      • Azure OpenAI
    • Code Repos
      • Gitlab Enterprise
    • Kafka
      • Apache Kafka
        • Docker
      • Redpanda
        • Self Hosted
      • Confluent
        • Cloud
      • Warpstream
        • Cloud
      • Instaclustr
        • Cloud
      • Aiven
        • Cloud
  • Reference
    • Command
      • Nodes and Workers
      • Routing and Transports
      • Relays and Portals
      • Identities and Vaults
      • Secure Channels
      • Verifiable Credentials
      • Guides
        • AWS Marketplace
          • Ockam Node
          • Ockam Node for Amazon MSK
          • Ockam Node for Amazon RDS Postgres
          • Ockam Node for Amazon Timestream InfluxDB
          • Ockam Node for Amazon Redshift
          • Ockam Node for Amazon Bedrock
      • Manual
    • Programming Libraries
      • Rust
        • Nodes and Workers
        • Routing and Transports
        • Identities and Vaults
        • Secure Channels
        • Credentials and Authorities
        • Implementation and Internals
          • Nodes and Workers
        • docs.rs/ockam
    • Protocols
      • Nodes and Workers
      • Routing and Transports
      • Keys and Vaults
      • Identities and Credentials
      • Secure Channels
      • Access Controls and Policies
Powered by GitBook
On this page
  • A step by step introduction
  • Install Ockam Command

Was this helpful?

Edit on GitHub
Export as PDF
  1. Reference

Command

Command line tools to build and orchestrate secure by design applications.

PreviousCloudNextNodes and Workers

Last updated 2 years ago

Was this helpful?

Ockam Command is our command line interface to build secure by design applications that can trust all data in motion. It makes it easy to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at a massive scale.

No more having to design error-prone ad-hoc ways to distribute sensitive credentials and roots of trust. Ockam's integrated approach takes away this complexity and gives you simple tools for:

End-to-end data authenticity, integrity, and privacy in any communication topology

  • Create end-to-end encrypted, authenticated secure channels over any transport topology.

  • Create secure channels over multi-hop, multi-protocol routes over TCP, UDP, WebSockets, BLE, etc.

  • Provision encrypted relays for applications distributed across many edge, cloud and data-center private networks.

  • Make any protocol secure by tunneling it through mutually authenticated and encrypted portals.

  • Bring end-to-end encryption to enterprise messaging, pub/sub and event streams - Kafka, Kinesis, RabbitMQ, etc.

Identity-based, policy driven, application layer trust – granular authentication and authorization

  • Generate cryptographically provable unique identities.

  • Store private keys in safe vaults - hardware secure enclaves and cloud key management systems.

  • Operate scalable credential authorities to issue lightweight, short-lived, revocable, attribute-based credentials.

  • Onboard fleets of self-sovereign application identities using secure enrollment protocols.

  • Rotate and revoke keys and credentials – at scale, across fleets.

  • Define and enforce project-wide attribute-based access control policies. Choose ABAC, RBAC or ACLs.

  • Integrate with enterprise identity providers and policy providers for seamless employee access.

A step by step introduction

Ockam Command provides the above collection of composable building blocks that are accessible through various sub-commands. In a step-by-step guide let's walk through various Ockam sub-commands to understand how you can use them to build end-to-end trustful communication for any application in any communication topology.

Install Ockam Command

If you haven't already, the first step is to install Ockam Command:

If you use Homebrew, you can install Ockam using brew.

# Tap and install Ockam Command
brew install build-trust/ockam/ockam

This will download a precompiled binary and add it to your path. If you don't use Homebrew, you can also install on Linux and macOS systems using curl. See instructions for other systems in the next tab.

On Linux and macOS, you can download precompiled binaries for your architecture using curl.

curl --proto '=https' --tlsv1.2 -sSf \
    https://raw.githubusercontent.com/build-trust/ockam/develop/install.sh | bash
ockam enroll

This will download a precompiled binary and add it to your path. If the above instructions don't work on your machine, please , we'd love to help.

Check that everything was installed correctly by enrolling with Ockam Orchestrator. This will create a and for you in Ockam Orchestrator.

Next, let's dive in and learn how to use .

post a question
Space
Project
Nodes and Workers
Please click the diagram to see a bigger version.