PyPI - bt-cli - Versions diffs - 0.4.7__py3-none-any.whl → 0.4.9__py3-none-any.whl - Mend

bt-cli 0.4.7py3-none-any.whl → 0.4.9py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

bt_cli/__init__.py +1 -1
bt_cli-0.4.9.dist-info/METADATA +417 -0
{bt_cli-0.4.7.dist-info → bt_cli-0.4.9.dist-info}/RECORD +5 -5
bt_cli-0.4.7.dist-info/METADATA +0 -172
{bt_cli-0.4.7.dist-info → bt_cli-0.4.9.dist-info}/WHEEL +0 -0
{bt_cli-0.4.7.dist-info → bt_cli-0.4.9.dist-info}/entry_points.txt +0 -0

bt_cli/__init__.py CHANGED Viewed

@@ -1,3 +1,3 @@
 """BeyondTrust Unified Admin CLI."""
-__version__ = "0.4.7"
+__version__ = "0.4.9"

bt_cli-0.4.9.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,417 @@
+Metadata-Version: 2.4
+Name: bt-cli
+Version: 0.4.9
+Summary: BeyondTrust Platform CLI (unofficial) - Password Safe, Entitle, PRA, EPM
+Author-email: Dave Grendysz <dgrendysz@beyondtrust.com>
+License: MIT
+Keywords: beyondtrust,cli,pam,password-safe,privileged-access,security
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Systems Administration
+Requires-Python: >=3.9
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: pydantic>=2.0.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: pyyaml>=6.0.0
+Requires-Dist: rich<15.0.0,>=13.7.0
+Requires-Dist: shellingham>=1.5.0
+Requires-Dist: typer<1.0.0,>=0.12.0
+Provides-Extra: all
+Requires-Dist: keyring>=24.0.0; extra == 'all'
+Provides-Extra: dev
+Requires-Dist: pyinstaller>=6.0.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0.0; extra == 'dev'
+Requires-Dist: pytest>=8.0.0; extra == 'dev'
+Requires-Dist: respx>=0.21.0; extra == 'dev'
+Provides-Extra: keyring
+Requires-Dist: keyring>=24.0.0; extra == 'keyring'
+Provides-Extra: test
+Requires-Dist: pytest-asyncio>=0.23.0; extra == 'test'
+Requires-Dist: pytest-cov>=4.0.0; extra == 'test'
+Requires-Dist: pytest>=8.0.0; extra == 'test'
+Requires-Dist: respx>=0.21.0; extra == 'test'
+Description-Content-Type: text/markdown
+# BT-CLI
+Unofficial BeyondTrust Platform CLI - manage privileged access across your environment from a single command line.
+## Supported Products
+| Product | Command | Description |
+|---------|---------|-------------|
+| **Password Safe** | `bt pws` | Credential vaulting, secrets management, password rotation |
+| **Entitle** | `bt entitle` | Just-in-time access requests and approval workflows |
+| **PRA** | `bt pra` | Privileged remote access - jump items, sessions, vault |
+| **EPM Windows** | `bt epmw` | Endpoint privilege management - computers, policies, admin requests |
+## Installation
+```bash
+pip install bt-cli
+bt version
+```
+## Configuration
+Set environment variables for each product you want to use. You only need to configure the products you'll use.
+### Password Safe
+```bash
+# Option 1: OAuth (recommended)
+export BT_PWS_API_URL=https://your-server/BeyondTrust/api/public/v3
+export BT_PWS_CLIENT_ID=your-client-id
+export BT_PWS_CLIENT_SECRET=your-client-secret
+# Option 2: API Key
+export BT_PWS_API_URL=https://your-server/BeyondTrust/api/public/v3
+export BT_PWS_API_KEY=your-api-key
+```
+### Entitle
+```bash
+export BT_ENTITLE_API_URL=https://api.us.entitle.io
+export BT_ENTITLE_API_KEY=your-api-key
+```
+### PRA (Privileged Remote Access)
+```bash
+export BT_PRA_API_URL=https://your-site.beyondtrustcloud.com
+export BT_PRA_CLIENT_ID=your-client-id
+export BT_PRA_CLIENT_SECRET=your-client-secret
+```
+### EPM Windows
+```bash
+export BT_EPM_API_URL=https://your-site-services.epm.bt3ng.com
+export BT_EPM_CLIENT_ID=your-client-id
+export BT_EPM_CLIENT_SECRET=your-client-secret
+```
+### Using a .env File
+Create a `.env` file and source it before running commands:
+```bash
+source .env
+bt pws auth test
+```
+### Test Your Configuration
+```bash
+bt pws auth test      # Test Password Safe connection
+bt entitle auth test  # Test Entitle connection
+bt pra auth test      # Test PRA connection
+bt epmw auth test     # Test EPM Windows connection
+```
+---
+## Command Reference
+### Password Safe (`bt pws`)
+#### Systems
+```bash
+bt pws systems list                    # List all managed systems
+bt pws systems list -o json            # Output as JSON
+bt pws systems get <system-id>         # Get system details
+bt pws systems create -n "name" -i "10.0.1.50" -w <workgroup-id> -p <platform-id>
+bt pws systems delete <system-id>
+```
+#### Accounts
+```bash
+bt pws accounts list                   # List all managed accounts
+bt pws accounts list -s <system-id>    # List accounts for a system
+bt pws accounts get <account-id>       # Get account details
+```
+#### Credentials (Checkout/Checkin)
+```bash
+bt pws credentials request <system> <account>     # Request credential checkout
+bt pws credentials show <request-id>              # Show checked-out password
+bt pws credentials checkin <request-id>           # Check in credential
+```
+#### Secrets Safe
+```bash
+bt pws secrets safes list              # List safes
+bt pws secrets folders list <safe>     # List folders in a safe
+bt pws secrets list <safe> <folder>    # List secrets
+bt pws secrets get <safe> <folder> <title>        # Get secret value
+bt pws secrets create <safe> <folder> <title> <value>
+```
+#### Quick Commands (Workflows)
+```bash
+# Checkout a credential (combines request + show)
+bt pws quick checkout -s "system-name" -a "account-name"
+bt pws quick checkout -s "system-name" -a "account-name" --raw  # Password only
+# Onboard a new system with account
+bt pws quick onboard -n "hostname" -i "10.0.1.50" -w <workgroup-id> -f <functional-account-id>
+# Offboard (remove system and accounts)
+bt pws quick offboard -s "system-name"
+```
+#### Other Commands
+```bash
+bt pws workgroups list                 # List workgroups
+bt pws platforms list                  # List platforms
+bt pws functional list                 # List functional accounts
+```
+---
+### Entitle (`bt entitle`)
+#### Integrations
+```bash
+bt entitle integrations list           # List all integrations
+bt entitle integrations get <id>       # Get integration details
+```
+#### Resources
+```bash
+bt entitle resources list              # List all resources
+bt entitle resources list -s "search"  # Search resources
+bt entitle resources get <id>          # Get resource details
+```
+#### Bundles
+```bash
+bt entitle bundles list                # List access bundles
+bt entitle bundles get <id>            # Get bundle details
+```
+#### Workflows
+```bash
+bt entitle workflows list              # List approval workflows
+bt entitle workflows get <id>          # Get workflow details
+```
+#### Permissions
+```bash
+bt entitle permissions list            # List all permissions
+bt entitle permissions list -u <user>  # List user's permissions
+bt entitle permissions revoke <id>     # Revoke a permission
+```
+#### Users
+```bash
+bt entitle users list                  # List users
+bt entitle users get <id>              # Get user details
+```
+---
+### PRA (`bt pra`)
+#### Jump Items - Shell (SSH)
+```bash
+bt pra jump-items shell list           # List SSH jump items
+bt pra jump-items shell get <id>       # Get jump item details
+bt pra jump-items shell create -n "name" -h "hostname" -j <jumpoint-id> -g <jump-group-id>
+bt pra jump-items shell delete <id>
+```
+#### Jump Items - RDP
+```bash
+bt pra jump-items rdp list             # List RDP jump items
+bt pra jump-items rdp create -n "name" -h "hostname" -j <jumpoint-id> -g <jump-group-id>
+```
+#### Vault Accounts
+```bash
+bt pra vault list                      # List vault accounts
+bt pra vault get <id>                  # Get vault account details
+bt pra vault checkout <id>             # Checkout credentials
+bt pra vault checkin <id>              # Checkin credentials
+bt pra vault rotate <id>               # Rotate password
+```
+#### Jump Groups
+```bash
+bt pra jump-groups list                # List jump groups
+bt pra jump-groups get <id>            # Get group details
+bt pra jump-groups create -n "name"    # Create jump group
+```
+#### Jumpoints
+```bash
+bt pra jumpoints list                  # List jumpoints
+bt pra jumpoints get <id>              # Get jumpoint details
+```
+#### Quick Commands
+```bash
+# Create shell jump with vault account
+bt pra quick shell-jump -n "name" -h "host" -j <jumpoint> -g <group> --vault-account <account-id>
+```
+---
+### EPM Windows (`bt epmw`)
+#### Computers
+```bash
+bt epmw computers list                 # List managed computers
+bt epmw computers list -o json         # Output as JSON
+bt epmw computers get <id>             # Get computer details
+bt epmw computers archive <id>         # Archive (remove) computer
+```
+#### Groups
+```bash
+bt epmw groups list                    # List computer groups
+bt epmw groups get <id>                # Get group details
+```
+#### Policies
+```bash
+bt epmw policies list                  # List policies
+bt epmw policies get <id>              # Get policy details
+bt epmw policies download <id>         # Download policy XML
+```
+#### Admin Requests
+```bash
+bt epmw requests list                  # List pending requests
+bt epmw requests list --status approved
+bt epmw requests approve <id>          # Approve request
+bt epmw requests deny <id> -r "reason" # Deny request
+```
+#### Events & Audits
+```bash
+bt epmw events list                    # List recent events
+bt epmw events list --hours 48         # Events from last 48 hours
+bt epmw events search -q "keyword"     # Search events
+bt epmw audits list                    # List audit logs
+```
+---
+### Cross-Product Commands (`bt quick`)
+For environments with both Password Safe and PRA (PASM):
+```bash
+# Onboard system to both PWS and PRA
+bt quick pasm-onboard -n "hostname" -i "10.0.1.50" -w <workgroup> -j <jumpoint> -g <jump-group>
+# Offboard from both
+bt quick pasm-offboard -n "hostname"
+# Search across both products
+bt quick pasm-search -q "hostname"
+```
+---
+## Output Formats
+All list commands support multiple output formats:
+```bash
+bt pws systems list              # Default table format
+bt pws systems list -o json      # JSON output
+bt pws systems list -o json | jq # Pipe to jq for processing
+```
+### Scripting with Raw Output
+```bash
+# Get just the password for scripting
+PASSWORD=$(bt pws quick checkout -s "server" -a "admin" --raw)
+# Use in SSH
+sshpass -p "$PASSWORD" ssh admin@server
+```
+---
+## Concepts
+### Password Safe: Functional vs Managed Accounts
+**Functional accounts** are service accounts used BY Password Safe to connect to and manage systems. They perform password rotation, discovery, and other automated tasks.
+**Managed accounts** are the accounts ON systems that Password Safe stores and rotates passwords for. These are what users check out.
+```bash
+# List functional accounts (for system management)
+bt pws functional list
+# List managed accounts (for checkout)
+bt pws accounts list
+```
+### PRA: Jump Items and Jumpoints
+**Jumpoints** are agents installed in your network that facilitate connections. **Jump items** are the actual connection definitions (SSH, RDP, etc.) that use jumpoints.
+```bash
+# Find available jumpoints
+bt pra jumpoints list
+# Create a jump item using a jumpoint
+bt pra jump-items shell create -n "my-server" -h "10.0.1.50" -j <jumpoint-id> -g <group-id>
+```
+---
+## Troubleshooting
+### Authentication Errors
+```bash
+# Test connectivity
+bt pws auth test
+# Enable debug output to see API calls
+export BT_SHOW_REST=true
+bt pws systems list
+```
+### SSL Certificate Issues
+For self-signed certificates (not recommended for production):
+```bash
+export BT_SSL_INSECURE_ALLOW=true
+```
+### Common Issues
+| Error | Solution |
+|-------|----------|
+| 401 Unauthorized | Check credentials in environment variables |
+| 403 Forbidden | Verify API user has required permissions |
+| 404 Not Found | Check API URL format and resource IDs |
+| Connection refused | Verify URL and network connectivity |
+| EPMW 405 on delete | Use `archive` instead of `delete` for computers |
+---
+## License
+MIT License - This is an unofficial tool not affiliated with or supported by BeyondTrust.

{bt_cli-0.4.7.dist-info → bt_cli-0.4.9.dist-info}/RECORD RENAMED Viewed

@@ -1,4 +1,4 @@
-bt_cli/__init__.py,sha256=C4EHXqTG5_uRHc4hltw_md-Q6MreNcs5ldgmGTqbqhA,60
+bt_cli/__init__.py,sha256=J5N-KHzhIH4xHZNVUW8NVKkg35xAvsZKv7KxS48wXx8,60
 bt_cli/cli.py,sha256=u2B59fO-8uH0200TbcaBiy387wuc7j_-1pUgZFXphQA,29554
 bt_cli/commands/__init__.py,sha256=Wrf3ZV1sf7JCilbv93VqoWWTyj0d-y4saAaVFD5apU8,38
 bt_cli/commands/configure.py,sha256=f3tn09eRDqlGQIq1gpuxj984S4CARYbmKI4XrqxPAAM,14270
@@ -115,7 +115,7 @@ bt_cli/pws/models/account.py,sha256=OSCMyULPOH1Yu2WOzK0ZQhSRrggGpb2JPHScwGLqUgI,
 bt_cli/pws/models/asset.py,sha256=Fl0AlR4_9Yyyu36FL1eKF29DNsxsB-r7FaOBRlfOg2Q,4081
 bt_cli/pws/models/common.py,sha256=D9Ah4ob5CIiFhTt_IR9nF2cBWRHS2z9OyBR2Sss5yzw,3487
 bt_cli/pws/models/system.py,sha256=D_J0x1A92H2n6BsaBEK9PSAAcs3BTifA5-M9SQqQFGA,5856
-bt_cli-0.4.7.dist-info/METADATA,sha256=N6CiZvr8wC78Xt9SjgR8ekFKymBG92LIybVRXzfK2go,4927
-bt_cli-0.4.7.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-bt_cli-0.4.7.dist-info/entry_points.txt,sha256=NCOEqTI-XKpJOux0JKKhbRElz0B7upayh_d99X5hoLs,38
-bt_cli-0.4.7.dist-info/RECORD,,
+bt_cli-0.4.9.dist-info/METADATA,sha256=QcUQ3SQhV3vZXumno8UpY8zIRz33eQW9Q4ZIwUiZvKo,11802
+bt_cli-0.4.9.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+bt_cli-0.4.9.dist-info/entry_points.txt,sha256=NCOEqTI-XKpJOux0JKKhbRElz0B7upayh_d99X5hoLs,38
+bt_cli-0.4.9.dist-info/RECORD,,

bt_cli-0.4.7.dist-info/METADATA DELETED Viewed

@@ -1,172 +0,0 @@
-Metadata-Version: 2.4
-Name: bt-cli
-Version: 0.4.7
-Summary: BeyondTrust Platform CLI (unofficial) - Password Safe, Entitle, PRA, EPM
-Author-email: Dave Grendysz <dgrendysz@beyondtrust.com>
-License: MIT
-Keywords: beyondtrust,cli,pam,password-safe,privileged-access,security
-Classifier: Development Status :: 4 - Beta
-Classifier: Environment :: Console
-Classifier: Intended Audience :: Developers
-Classifier: Intended Audience :: System Administrators
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Topic :: Security
-Classifier: Topic :: System :: Systems Administration
-Requires-Python: >=3.10
-Requires-Dist: httpx>=0.27.0
-Requires-Dist: pydantic>=2.0.0
-Requires-Dist: python-dotenv>=1.0.0
-Requires-Dist: pyyaml>=6.0.0
-Requires-Dist: rich<15.0.0,>=13.7.0
-Requires-Dist: shellingham>=1.5.0
-Requires-Dist: typer<1.0.0,>=0.12.0
-Provides-Extra: all
-Requires-Dist: keyring>=24.0.0; extra == 'all'
-Provides-Extra: dev
-Requires-Dist: pyinstaller>=6.0.0; extra == 'dev'
-Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
-Requires-Dist: pytest-cov>=4.0.0; extra == 'dev'
-Requires-Dist: pytest>=8.0.0; extra == 'dev'
-Requires-Dist: respx>=0.21.0; extra == 'dev'
-Provides-Extra: keyring
-Requires-Dist: keyring>=24.0.0; extra == 'keyring'
-Provides-Extra: test
-Requires-Dist: pytest-asyncio>=0.23.0; extra == 'test'
-Requires-Dist: pytest-cov>=4.0.0; extra == 'test'
-Requires-Dist: pytest>=8.0.0; extra == 'test'
-Requires-Dist: respx>=0.21.0; extra == 'test'
-Description-Content-Type: text/markdown
-# BT-CLI
-Unofficial BeyondTrust Platform CLI - manage privileged access across your environment from a single command line.
-## Supported Products
-| Product | Command | Description |
-|---------|---------|-------------|
-| **Password Safe** | `bt pws` | Credential vaulting, secrets management, password rotation |
-| **Entitle** | `bt entitle` | Just-in-time access requests and approval workflows |
-| **PRA** | `bt pra` | Privileged remote access - jump items, sessions, vault |
-| **EPM Windows** | `bt epmw` | Endpoint privilege management - computers, policies, admin requests |
-## What You Can Do
-**Credential Management (Password Safe)**
-- Check out/in credentials for managed systems
-- Store and retrieve secrets in Secrets Safe
-- Manage systems, accounts, and password rotation policies
-**Just-in-Time Access (Entitle)**
-- View available access bundles and integrations
-- Check user permissions and active grants
-- Manage resources across connected applications
-**Remote Access (PRA)**
-- List and create jump items (SSH, RDP, tunnels)
-- Manage vault accounts and credential checkout
-- Organize access with jump groups
-**Endpoint Privilege (EPM Windows)**
-- View managed computers and their status
-- Assign policies to computer groups
-- Approve or deny admin access requests
-## Installation
-### From PyPI (Recommended)
-```bash
-pip install bt-cli
-# Verify
-bt version
-```
-### From Source
-```bash
-# Clone and install
-git clone <repository-url>
-cd bt-cli
-# Create virtual environment
-python -m venv .venv
-source .venv/bin/activate  # Linux/macOS
-# or: .venv\Scripts\activate  # Windows
-# Install
-pip install -e .
-# Verify
-bt version
-```
-## Configuration
-Set environment variables for each product you want to use:
-```bash
-# Password Safe (OAuth)
-export BT_PWS_API_URL=https://your-server/BeyondTrust/api/public/v3
-export BT_PWS_CLIENT_ID=your-client-id
-export BT_PWS_CLIENT_SECRET=your-client-secret
-# Entitle
-export BT_ENTITLE_API_URL=https://api.us.entitle.io
-export BT_ENTITLE_API_KEY=your-api-key
-# PRA
-export BT_PRA_API_URL=https://your-site.beyondtrustcloud.com
-export BT_PRA_CLIENT_ID=your-client-id
-export BT_PRA_CLIENT_SECRET=your-client-secret
-# EPM Windows
-export BT_EPM_API_URL=https://your-site-services.epm.bt3ng.com
-export BT_EPM_CLIENT_ID=your-client-id
-export BT_EPM_CLIENT_SECRET=your-client-secret
-```
-On Windows PowerShell:
-```powershell
-$env:BT_PWS_API_URL = "https://your-server/BeyondTrust/api/public/v3"
-$env:BT_PWS_CLIENT_ID = "your-client-id"
-$env:BT_PWS_CLIENT_SECRET = "your-client-secret"
-# ... etc
-```
-Or use a `.env` file and source it before running commands.
-## Quick Start
-```bash
-# Test all connections
-bt pws auth test
-bt entitle auth test
-bt pra auth test
-bt epmw auth test
-# Explore resources
-bt pws systems list
-bt entitle integrations list
-bt pra jump-groups list
-bt epmw computers list
-```
-## Output Formats
-All commands support table (default) or JSON output:
-```bash
-bt pws systems list           # Human-readable table
-bt pws systems list -o json   # JSON for scripting
-```
-## Documentation
-See [CLAUDE.md](CLAUDE.md) for complete command reference, environment details, and cross-product workflows.

{bt_cli-0.4.7.dist-info → bt_cli-0.4.9.dist-info}/WHEEL RENAMED Viewed

File without changes

{bt_cli-0.4.7.dist-info → bt_cli-0.4.9.dist-info}/entry_points.txt RENAMED Viewed

File without changes

bt-cli 0.4.7__py3-none-any.whl → 0.4.9__py3-none-any.whl

bt-cli 0.4.7py3-none-any.whl → 0.4.9py3-none-any.whl