Call SEAL OP-CLI

---

Call

You call SEAL OP-CLI in a command prompt or in a PowerShell on Windows or a Linux shell on Linux with the following command:

opcli <dataType> <command> <option>

---

Environment Variables

For a list of environment variables taken into account by SEAL OP-CLI, refer to Environment Variables.

Hint - priority

The value specified with the correspondent option takes priority over the one specified with the corresponent environment variable.

---

Options

The following options (<option>) are available with the SEAL OP-CLI call:

SEAL Operator Server

With the --server option, you specify the URL of the SEAL Operator server to which SEAL OP-CLI will connect if different to https://localhost:3008.

opcli <dataType> <command> --server <url>

Example - connect to the SEAL Operator server running on operator.server1.com

opcli <dataType> <command>  --server https://operator.server1.com:3008

---

Self-Signed Certificates

Specifying the --insecure option, you avoid that the certificate will be checked by the client.

opcli <dataType> <command> --insecure

---

User Authentication

For the user authentication via the configured OIDC identity provider, different options can be specified when calling SEAL OP-CLI.

User Name and Password

With the --user and --pass options, you can specify the user and the password known to the OIDC identity provider.

opcli <dataType> <command> --user <owner> --pass <password>

JSON Web Token (JWT)

With the --bearer option, you can specify the access token valid for the user known to the OIDC identity provider.

opcli <dataType> <command> --bearer <token>

Example - JSON Web token

opcli <dataType> <command> --bearer eyJ0eXAiOiJKV1QiLCJhbG...

Hint - environment variable

The JSON Web token can also be specified with the OPCLI_BEARER_TOKEN environment variable.

No Browser for Authentication

By default, the default browser will be opened for the user authentication. With the --no-browser option, you specify that the browser should not be opened for authentication.

opcli <dataType> <command> --no-browser

Authentication Process and Priority

After the successful authentication, SEAL OP-CLI receives a refresh token from the OIDC identity provider and stores it in a file. SEAL OP-CLI uses the refresh token for getting a new access token from the OIDC identity provider. The validity is configured in the OIDC identity provider.

For the user authentication, SEAL OP-CLI evalutes the data in the following order:

• --bearer option
• OPCLI_BEARER_TOKEN environment variable
• --user and --pass options
• File containing the refresh token
• Login via browser (unless --no-browser has been specified)

---

OIDC Identity Provider Settings

For the settings of the connected OIDC identity provider, different options can be specified when calling SEAL OP-CLI.

SEAL-specific Keycloak

If you use the SEAL-specific Keycloak as OIDC identity provider, the defaults of these options already fit.

OIDC Client Name

With the auth-client-id option, you specify the client name configured in the OIDC identity provider.

opcli <dataType> <command> --auth-client-id <name>

Hint - environment variable

The client name can also be specified with the OPCLI_AUTH_CLIENT_ID environment variable.

OIDC Client Secret

With the auth-client-secret option, you specify the client secret configured in the OIDC identity provider.

opcli <dataType> <command> --auth-client-secret <secret>

Hint - environment variable

The client secret can also be specified with the OPCLI_AUTH_CLIENT_SECRET environment variable.

Local Port

With the --localport option, you specify the local port for the code flow with SEAL OP-CLI.

opcli <dataType> <command> --localport <port>

---

Local HTTP Server

With the --localhttp option, you specify that the local server listening on the port specified by --localport is using HTTP instead of HTTPS for the code flow with SEAL OP-CLI.

opcli <dataType> <command> --localhttp

Hint - OIDC identity provider

The OIDC identity provider must be configured to allow the redirect URI to use HTTP.

---

Log Level

By default, the log level is set to info. With the --loglevel option, you change the log level. For the available values, refer to the LOG_LEVEL environment variable.

opcli <dataType> <command> --loglevel <logLevel>

Example - get debug messages

opcli <dataType> <command> --loglevel debug

---

Return Codes

For a list of available codes returned by SEAL OP-CLI, refer to Return Codes.

---

Display the Version of SEAL OP-CLI

opcli --version

---

Display the Options and Parameters

With the --help option at the different levels, you get the available options and parameters of the specific level.

Example - options and parameters of SEAL OP-CLI

opcli --help

Example - options and parameters available for managing tasks

opcli task --help

Example - options and parameters available for creating a task

opcli task create --help

---

SEAL OP-CLI Commands In Detail

Refer to the description of the specific SEAL OP-CLI commands:

• Manage Documents

• Manage List Items

• Manage Lists

• Manage Panels

• Manage Task Items

• Manage Tasks

• Call SEAL OP-CLI Scripts

---