CT-VL CLI Reference
The CipherTrust Vaultless Tokenization (CT-VL) Command Line Interface (CLI) is used to configure the CT-VL network and do other system-level tasks.
Listed below are the CT-VL CLI categories and the commands within each category:
Note
This article provides a high-level overview of each command category. For complete usage details on each command and its options, run the command with the --help option. For tips on navigating the CLI, see CLI Navigation Cheat Sheet.
To access the CLI, see Access the CLI through a Terminal Emulator like PuTTY.
Authentication Setup Category
The auth category contains authentication setup commands: the oauth2 command, for setting and reviewing optional OAuth2 settings, and the ldap command, whose options configure and review the LDAP server settings.
As an alternative to specifying the various LDAP settings as options to the ldap command (for example, auth ldap --server ldap://hostname:636), you can run an interactive wizard that prompts you for each setting. Run this wizard with the ldap --setup command.
Cluster Management Category
The cluster category is a subset of CT-VL commands for use with cluster management.
Below is the cluster management category commands table:
Command | Description |
---|---|
add | Add a node that can later create or be joined to an existing cluster. This command must be used on a node before that node can join a cluster. NOTE: Do not use with remotejoin. |
apiadmin | API admin user setup, for automated cluster set up. |
create | Create a CT-VL cluster. |
join | Join a node to an existing CT-VL cluster. NOTE: Do not use with remotejoin. |
remotejoin | Remotely join nodes to a cluster. Use in automated cluster setups. |
remove | Remove a node from a cluster. |
show | Show cluster settings. |
CipherTrust Manager Setup
Use the icapi category of CT-VL commands to register the CipherTrust Vaultless Tokenization Server to a CipherTrust Manager (CM).
Below is the CT-VL setup commands table:
Command | Description |
---|---|
create | Create a private key, or certificate signing request. |
enable | Enable or disable the ICAPI interface to CT-VL servers. |
register | Register to a CM host. |
set | Set ICAPI properties, such as IP addresses, ports, and user credentials to a CM server. |
setup | Perform an interactive setup of ICAPI properties (instead of using set). |
show | Show ICAPI and CT-VL status and settings. |
test | Test connection to a CM server or access to a specified key on the CM server. |
upload | Upload a private key, signed certificate, or local CA certificate. |
Network Management Category
Use the network category to set, modify, or delete system IP addresses, and to set up CipherTrust Vaultless Tokenization Servers. The network category also contains commands for showing and testing network configurations.
Note
Each server is assigned a unique IP address.
Below is the network management category commands table:
Command | Description |
---|---|
arp | Manipulate the system ARP cache. |
arping | Send ARP requests to a neighbor host. |
checkport | Check port connection status of a host. |
ethtool | Query network driver and hardware settings. |
ifconfig | Show or configure a network interface. |
ip | Show or configure the CT-VL network interface settings. |
netstat | Print network connections. |
nslookup | Query internet name servers. |
ntpservice | NTP service. |
ping | Pings an IP address, host name, or FQDN. |
route | Set static route. |
service | Start/stop/restart network service. |
set | Configure network device interface. |
setup | Network setup wizard. |
show | Show network device configuration. |
snmp | Show, set, or change SNMP (v2c or v3) server configuration, which can be used to monitor processes, load average, disk space, and file size. |
traceroute | Traces route to IP address or host name. |
Example - Request:
network> ip address
Example - Response:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:47:22:72 brd ff:ff:ff:ff:ff:ff
inet 10.3.201.140/16 brd 10.3.255.255 scope global dynamic eth0
valid_lft 216sec preferred_lft 216sec
inet6 fe80::20c:29ff:fe47:2272/64 scope link
valid_lft forever preferred_lft forever
WARNING! Changes made using this command are not persistent. Use the setup command to change network settings permanently.
System Configuration Category
The system configuration category enables you to configure the CT-VL host settings (such as hostname, console port, or timezone), and to view and manage other common system administration tasks for the server (such as rebooting or shutting down, or viewing disk space usage or currently logged-in users).
Below is the system configuration category commands table:
Command | Description |
---|---|
banner | Configure SSH banner. |
cpuid | Show detailed CPUid information. |
cpuinfo | Show CPU information. |
daemon | Show daemon services that are running. |
date | Print or set the system date and time. |
df | Report file system disk space usage. |
free | Display amount of free and used memory in the system. |
host | DNS lookup utility. |
hostname | Set/Show hostname. |
hosts | Update hosts file. |
lastlogin | Show last logged-in users. |
meminfo | Show memory information. |
reboot | Reboot system. |
shutdown | Shut down system. |
terminal | Show or terminate terminal (CLI) sessions. |
timezone | Set or show timezone. |
top | Display Linux processes. |
uname | Print system information. |
uptime | Show how long the system has been running. |
vmstat | Report virtual memory statistics. |
who | Show who is logged into the system. |
CT-VL Configuration Commands
The vts category is used to configure the CT-VL, set time parameters, configure GUI login behavior, and upgrade the CipherTrust Vaultless Tokenization Server software.
Note
The CT-VL configuration commands still retain the vts category name to ensure backward-compatibility.
The vts category consists of the following commands:
Command | Description |
---|---|
batch_size_limit | Tokenization Batch size limit. |
cliadmin | Cliadmin user setup. NOTE: If CT-VL runs on an AWS EC2 instance and has been set to use an EC2 key pair, password access is disabled, and cliadmin password commands will fail with an error message. For example, a password cannot be disabled or unlocked. To check whether cliadmin is using an AWS SSH key pair, run the vts cliadmin keys --list CLI command. If the instance uses an EC2 key pair, an entry in the SSH keys will show [ec2]. |
client_certificate | Enables client authentication by requiring clients to pass a client key and CA certificate to CT-VL. NOTE: For best security, enable client certificates with identities (the --enable-with-id option) instead of without identities. |
cors | Cross-Origin Resource Sharing (CORS). |
create_superuser | Create a superuser local account for Web administrative GUI access. |
logfile | List, view, or tail log files. |
loglevel | Set log level. |
randommode | Random Mode utility. |
rate_limiting | Limit the number of tokenization requests. |
remotelog | Set remote logging. |
restore | Restore system from backup. |
server_certificate | Create a self-signed certificate or certificate signing request, and import a signed certificate. |
service | CT-VL Service utility. |
show | Show the security settings. |
smtp | Configure, view, or test email notifications and underlying SMTP setup. |
ssl_ciphers | Show or set SSL cipher suites. WARNING: Non-FIPS approved SSL ciphers will be deprecated in the future. It is highly recommended you configure CT-VL to use the default SSL cipher suite (with the vts ssl_ciphers --setdefault command), otherwise the server can be open to security vulnerabilities. |
ssl_protocol | Specify which version of SSL (TLS) is supported by the CT-VL. |
upgrade | Upgrade CT-VL. |
weblogin | Web login setup. |