Ionic introduces new Machina Tools CLI Command-Line Interface

Ionic Introduces New Machina CLI Tool

In line with our mission of providing a trusted standard for protecting and controlling access to business-sensitive data, we are pleased to announce the new Machina Command-Line Interface (CLI). The CLI is the latest addition to the collection of Machina Tools and is complementary to the Machina SDK. It includes much of the SDK’s functionality while allowing developers and system administrators to quickly create device credentials for their Machina account, create and fetch keys, and set attributes that can be used by the Machina policy engine. The CLI also includes some handy functions that allow you to store and manage keys in key vaults, as well as encrypt and decrypt both files and raw data. It supports base64 and hex encoding and provides secure hash functions that support SHA256 and SHA512. Machina CLI is available on Windows, macOS, and Linux.

With this new tool set, development teams and system administrators can quickly integrate the policy-driven data protection and access control capabilities of Machina into their current workflows or infrastructure by either invoking commands directly from the system’s terminal or automating common tasks in scripts that utilize the CLI’s extensive feature set. Now the same trusted service that secures your applications can protect any system in your corporate ecosystem, such as a build system or firewall, without the need to compile or deploy custom applications that utilize Machina SDKs.

Machina CLI Use Cases

Machina SDKs can be applied to a multitude of use cases, but Machina CLI narrows activities to those things you can accomplish from the command line. Here are a few ideas:

A continuous integration system, for example, can trigger a post-build script that protects and assigns policy to the artifacts it generates. Similarly, a firewall generating logs or an application generating usage reports can leverage Machina to secure its assets with a simple command-line hook.

The ability to have artifacts generated by third-party systems using the CLI and consumed at runtime by custom applications utilizing the SDK closes the gap between AppDev and Ops while consolidating the access control of sensitive data under a single console. For example, if an API key or certificate required by an application at runtime is checked into a hosted source control repository, such as GitHub, it can be protected by a script using the Machina CLI and either a pre-commit or pre-receive hook. Then, if that application is later compiled and deployed to a cloud computing platform like AWS or Google’s App Engine, the application can utilize Machina SDK to access the plaintext API key or certificate at runtime.

This not only keeps the sensitive strings compiled into source code invisible to the services hosting your build, deployment and runtime environments, it allows you to monitor and revoke access to any Machina secured asset dynamically and centrally from Machina Console. 

For details and a sample integration using Git pre-commit hooks, check out our Source Control tutorial to learn how to secure your development pipeline with Machina.

Using Machina CLI

Invoking Machina from the command line is simple:

Create User Profile

Device Profiles are integral to secure, authenticated interactions with Machina. To enroll a user profile and save it in a password persistor, provide the `--devicetype`, `--devicepassword` (written as `--devicepw` in the command below), and `--devicefile` options to specify where to save the password-protected persistor, and provide the user’s `--pass`, `--email`, and the keyspace (`--kns`) associated with that user to the `profile enroll` sub-command like this (the e-mail address shown is a placeholder):

machina \
    --devicetype password \
    --devicepw aSamplePassowrd \
    --devicefile ~/.ionicsecurity/profiles.pw \
    profile enroll \
    --pass machinaUserPassword \
    --email user@example.com \
    --kns Magv

For a complete walkthrough of working with device profiles using Machina CLI, visit the Profiles tutorial on Ionic Developers and select either PowerShell or Bash as your preferred language.

Secure a File

To secure a file, provide the same device options, so the tool can access the profile to perform the operation on its behalf, and provide the `--in` and `--out` paths to the `file encrypt` sub-command.

machina \
    --devicetype password \
    --devicepw aSamplePassowrd \
    --devicefile ~/.ionicsecurity/profiles.pw \
    file encrypt \
    --in ~/sample.txt \
    --out ~/sample-secured.txt

Now you can reference the Machina Console to see the details of each operation performed by the CLI on behalf of this device.

To learn more about encrypting and decrypting data using Machina CLI, go to the Machina Ciphers tutorials page and select PowerShell or Bash.
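
The pre-commit use case described earlier, built only from the `file encrypt` options shown above. This is an added example, not Ionic's sample integration or code from the original post; the file patterns, the `MACHINA_DEVICE_PW` and `MACHINA_DEVICE_FILE` variables and the `.secured` suffix are assumptions.

```shell
#!/bin/sh
# Added example: pre-commit hook that swaps staged secret files for
# Machina-protected copies. File patterns, MACHINA_* variable names and the
# ".secured" suffix are assumptions; only options shown on this page are used.
PROFILE_FILE="${MACHINA_DEVICE_FILE:-$HOME/.ionicsecurity/profiles.pw}"

# Succeeds when a path looks like key material that must not be committed in clear.
is_sensitive() {
    case "$1" in
        *.secured) return 1 ;;                      # already protected
        *.pem|*.key|*.p12|.env|*/.env) return 0 ;;
        *) return 1 ;;
    esac
}

# Encrypts one file beside the original and prints the protected path.
# The password is read from the environment, never stored in the hook.
protect_file() {
    dst=$1.secured
    machina \
        --devicetype password \
        --devicepw "$MACHINA_DEVICE_PW" \
        --devicefile "$PROFILE_FILE" \
        file encrypt \
        --in "$1" \
        --out "$dst" >&2 || return 1
    [ -s "$dst" ] || return 1   # treat a missing or empty output as failure
    printf '%s\n' "$dst"
}

main() {
    : "${MACHINA_DEVICE_PW:?set MACHINA_DEVICE_PW from your secret store}"
    git diff --cached --name-only --diff-filter=ACM | {
        status=0
        while IFS= read -r path; do
            is_sensitive "$path" || continue
            if secured=$(protect_file "$path"); then
                git rm --cached --quiet -- "$path"   # unstage the plaintext
                git add -- "$secured"                # stage the protected copy
            else
                echo "pre-commit: could not protect $path, commit blocked" >&2
                status=1
            fi
        done
        [ "$status" -eq 0 ]
    }
}
# Run only when installed as .git/hooks/pre-commit; sourcing has no side effects.
case "$0" in *pre-commit) main; exit $? ;; esac
```

The hook fails closed: if any matching file cannot be protected, the commit is rejected rather than allowing the plaintext through.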

Summary

Decoupling the core services of Machina from the application has not only simplified the integration process and eliminated the need for a development team to do so, but it has also opened the platform to entirely new possibilities. To help get your team started, we have created several example scripts covering the basics. 

We look forward to seeing what the Machina community creates with these tools. If you are new to Machina, we invite you to Create an Account and visit our Getting Started blog.