Getting Started

Getting Started with the Nirmata CLI

The Nirmata CLI is available on Linux, macOS, and Windows.

Downloading the CLI and amored ASCII (asc) file

Download the latest stable release of the Nirmata CLI binary.

Set the NCTL_VERSION environment variable to the version of nctl you want to download. For example, if the latest version is 3.3.9

export NCTL_VERSION=3.3.9

Linux

curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_linux_64-bit.zip
curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_linux_64-bit.zip.asc

MacOS

For ARM processors:

curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_macos_64-bit.zip
curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_macos_64-bit.zip.asc

For x86 processors:

curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_macos-x86_64_64-bit.zip
curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_macos-x86_64_64-bit.zip.asc

Windows

curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_windows_64-bit.zip
curl -LO https://nirmata-downloads.s3.us-east-2.amazonaws.com/nctl/nctl_$NCTL_VERSION/nctl_$NCTL_VERSION\_windows_64-bit.zip.asc

Verify the Download

To verify the signature of a Nirmata download:

  • Download the Nirmata PGP key (see below)
  • Use gpg to verify the download integrity
export GNUPGHOME="$(mktemp -d)"
gpg --keyserver keys.openpgp.org --recv-key 7CEE8D12BCFE419B55A5D66A4F71AE57094A908B
gpg --batch --verify <ASC_FILE> <ARCHIVED_ZIP_FILE>

For a download with a valid signature, the above commands will show an output with a line:

gpg: Good signature from "Nirmata Security <security@nirmata.com>"

PGP Key

To secure communications and verify downloads, you can use the following PGP key. You can also fetch this key from the keys.openpgp.org key server with the ID 7CEE8D12BCFE419B55A5D66A4F71AE57094A908B.

key 
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF46FmMBEAC5mu4GcQpQrLX9IEzpvcigrQLhDgTyfffO3ATTH8xp2w3DDfZQ
BGCpG+dmr5aBxZWsD34vFcSJdSrgtnKSR8KQRM5jgj2OSM1hiDwschdX2K5+luGH
xTCrKHZNZo22YGkOmkoAakkhbDH4NLcNuLV6Ra8E5TmaBwTruYnyVEgrWsmWd0xx
1GX7d4CUbe8y+ozTpLK2JzCwEA1HIs9/76OViY9i5o9AHMbX2NFW1xccEgLFS4eF
RASn7pgss0HEeJzoRt5c1E6L9A9JXIHWHNdJM7e/KwkdjuyNwgsNg8xNC7+R8riv
a4Tv+yhtSCW9UksPpzKMFGHGylwkZ69cW9IJCYfQmv8waMPqkfRyXVoIAcSrqmWl
nwrQ1kyBn4c/RX5l4WaRw99VVJsVXPS0Zqp2e1Ofw/Ho0Pmbzv7enQGLEoIy+eot
PvSENs1spEGfHNDayWGxSG50sqFHHFWHSrMopuFzZV4QATSMp49m9gauEo3TeNaJ
Xkg67qkjufcyzfBEtU65eE0tl2t+kLWLCa2CKlFbaLAJBaNF6YikVrmQ5HV1S1k2
K53ZJ9rXlJwiJdOUXnDWQ8Q1GT73ioAguojFVGFl5rBL1brXtyDlhW2Lt4tuKmZd
a9hR24qdyY5eIXY4sj1s2ZSKlUWKqSCMlUbrz4gvyuHxNr9vQfdyKDsOMQARAQAB
tCdOaXJtYXRhIFNlY3VyaXR5IDxzZWN1cml0eUBuaXJtYXRhLmNvbT6JAlQEEwEI
AD4WIQR87o0SvP5Bm1Wl1mpPca5XCUqQiwUCXjoWYwIbAwUJEswDAAULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRBPca5XCUqQi5T9D/91N0XfAuRRJqFpF/zFPyd9
NP55TPvRpnj6l5uytCmEeRP/mnUMBGlM23I+sRNJXHY9yTwglf/ZbQYf4lQ+27aJ
Fcrw6UJN/6dz2mrxGkh0GQntcwj0Pc2ws/vF941r0VlA9BtkN6D0aRj9aGQ3lgU4
wYjAPxpuIZdJg8eecs9LCYMeMxW6wTcqhGB/6y8vByFbBTEYCJ4ry28tOs2EmmoK
jRPKbaaQ8fs80il2Zj9RWqcoqUWhwN0dwwtL/MhQuT2ej8ilAB1TzJU66pzu44rM
IOvZbOsoMeiyzAdAZpFug4YA63Y+8uCf7I/04DK4fuy2U7pIFx/OAngzvfqTiMPY
eKicSImSsJSINtYBtVRYlMjsnIi4t0LvL6ibOWtyGO2l7ejcppFClEcO2kmOhdCu
TLiLlGXXIhfL2lwFGMilD13TeQydaU6ItQ3Nrvjn2Mzg0TGLAcww2n1mOu9K85CA
AejTaqlZ/tQRfAQe5LycNPJy5+xj5enp7Rp3Yu8z5H4Di4G4VCtAw66k5pmJXYn+
AbO/KCbRYF2hl8XVHDh7GC2YGcNMD7Z5dP2A5a/yIUZCLLIE2SgaShOZYSSMHZFX
9nKjz1GkNoVALy8JaUrnJuErDkVhfAFfDMFzaJ09hkQ1PlSlke1lhOBtoJQ+syrz
Qnb1wmx+P1nKeQZtUmGqGLkCDQReOhZjARAAwZ8bcgXkd3tlzgJJ/E1OIRjjJ5da
UVcwlwHXFKTxu6edackcy8vpWt3xURdY8FrEBg8fwzqyBaGTEFA3bJwxLrP9eQUN
7ZhyLZpec0Kh9p17IClWB7LuMRpxV8mUhXh0HZydi11kFhjVdHlTu6SFbQNpU211
AehgWVtHDNLJfaA9rotITc2uq8aOHHUVY/coGz3C5SasBRJEcxJhN0lvSJjSaGXe
+CgHGNcBNPvYDGFxLDpE5PzdB5FcN+6kcJynLZ8kaF43RRzzh4yA/kvBqCykcbRJ
2fBjW+ugdgrtRPKDQSduJngtcg7EcsefVsZcB5V2QSOk32pVYBfiZcy0VA8VxqAg
jwk0SwDDmM53+1HJeaAr5ejjZ/CmuzH3nuGnlivY7N9Rsaz3UWrR1njZFdP0HKWJ
dJiXxI6ECcL6meGZ1Mm7E8SjZltO0k5xvmQh60mqZPpX9hkbKm6lurZ9ZXpmBIfh
lT6UzD+y11l06aTU1Da9d3ZHofRRJHFJyEXdeh/h6dr+QCJoyCGCjSLFSGh7CrHo
fLtdFLYoTnYzH6YEa6ghlr6xQh4dh56kunSlBBZOKw7CyMu0tWVJVV/pNEMOJ9dw
d8KPjClLJJxCObFMi0zsSVzu10xd/BXncjgXtEFLhG7Jhrsloo5E41xEWXxT8R+U
yL0nOhEVYfRRdrcAEQEAAYkCPAQYAQgAJhYhBHzujRK8/kGbVaXWak9xrlcJSpCL
BQJeOhZjAhsMBQkSzAMAAAoJEE9xrlcJSpCL1DUP/RwH4okrNjGsz667VM+gxFV5
lRLI9/hmptjRPkz2h41xJjKiZP2xm4ACKyOXARQKjyQl116g/vpEtJANoczVsa14
5fR334qZf/WnvAuQ/dYmJPDibXX9Uwyje0mex+WGj5uELtw8vn9gCoRO5dQCn37+
gX+w8u6tpPxNFOCJf3xOov7pzn3kyLZh/mDIKkAAnqqOumqx/d/qRdJ3T/B9Ojol
axftBA34HSI6pDhqtX4encUM72KfZfxddGyL2/V0y7aWseTJcL0JXo6go9c2CUsR
9CKvxVZol80mh5RtJGAYVe+wpWaMEP/ns8rhs6xFoqO8qv5qNz1NYz+iTcjOd+pw
/ekeOvSobIc6W6VxuD5jrxWycPrWytRv2K60JB68tJDA6ipk9jWHi5uqK2f7nR66
32IgO/04o3CK4zg3KznFBl9ba7Keyvwz0BCA7nAVDgWCWCqIz0iSvs4aE8k7Qr2Z
wNGHPNyIuDCzJ9eRfi5ZnuSrIIwkR4LY9pwM6cqXDFDM08ZUz9YDHiii6lBiQoRD
yaXgm4eH3hCFaMVvR2Hgy7G6O/upJDCz6IC8HdYirbkrCrys4rWHrqr+ybve1otw
N4ZiNIcFCjfaCjJnnACsF5bH7FEuIgtYv15JZQIsL4ajMi1K7eXexQQLCr79sgTw
9V4Q6JD9HXyskV/e83uN
=jCzX
-----END PGP PUBLIC KEY BLOCK-----

Installing the CLI

nctl is a precompiled binary. It is distributed as a zip archive. After download, unzip the downloaded package. You can then set permissions and move the binary into a directory in your PATH.

unzip <ZIP_FILE>
chmod u+x nctl
sudo mv nctl /usr/local/bin/nctl

Test the installation using the command:

nctl version

Commands Description

At any time, to learn more about the commands and different arguments supported, refer to the help text. Here are a few examples.

nctl help
nctl clusters --help
nctl scan --help
nctl operator init --help

Login to the Nirmata Policy Manager

To interact with the Nirmata Policy Manager (NPM), you should first login to your account.

nctl login

Note: Enter the right URL, email address, and the API Key associated with your account. API Key can be generated by logging into the Nirmata account and go to the Settings -> Profile tab. On a sucessful login, you should see this line in the output - Validating user credentials...done!. The config is also written to ~/.nirmata/config

Upgrading the CLI

Upgrade nctl to stay up-to-date with the supported features, follow these steps:

  1. Check the version of installed binary and compare with the latest stable release to see if an update is required:
nctl version
  1. If the installed binary is out-dated, remove previous installation of nctl:
rm -rf /usr/local/bin/nctl
  1. Delete the .asc and .zip file downloaded at the time of install.
  2. Download the latest release of nctl binary and install it as described above in the installation instructions.
  3. After installing, check the version of the newly installed binary:
nctl version

Uninstalling the CLI

Follow these steps to uninstall nctl:

  1. Remove the installed nctl binary:
rm -rf /usr/local/bin/nctl
  1. Remove the .asc and .zip file downloaded at the time of install.
This is the final element on the page and there should be no margin below this.