In line with our mission of providing a trusted standard for protecting and controlling access to business sensitive data, we are pleased to announce
With this new tool set, development teams and system administrators can quickly integrate the policy-driven data protection and access control capabilities of Machina into their current workflows or infrastructure by either invoking commands directly from the system’s terminal or automating common tasks in scripts that utilize the CLI’s extensive feature set. Now the same trusted service that secures your applications can protect any system in your corporate ecosystem, such as a build system or firewall, without the need to compile or deploy custom applications that utilize Machina SDKs.
Machina CLI Use Cases
Machina SDKs can be applied to a multitude of use cases, but Machina CLI narrows activities to those things you can accomplish from the command line. Here are a few ideas:
A continuous integration system, for example, can trigger a post-build script that protects and assigns policy to the artifacts it generates. Similarly, a firewall generating logs or an application generating usage reports can leverage Machina to secure its assets with a simple command-line hook.
The ability to have artifacts generated by third-party systems using the CLI and consumed at runtime by custom applications utilizing the SDK closes the gap between AppDev and Ops while consolidating the access control of sensitive data under a single console. For example, if an API key or certificate required by an application at runtime is checked into a hosted source control repository, such as GitHub, it can be protected by a script using the Machina CLI and either a pre-commit or pre-receive hook. Then, if that application is later compiled and deployed to a cloud computing platform like AWS or Google’s App Engine, the application can utilize Machina SDK to access the plaintext API key or certificate at runtime.
This not only keeps the sensitive strings compiled into source code invisible to the services hosting your build, deployment and runtime environments, but also allows you to monitor and revoke access to any Machina-secured asset dynamically and centrally from Machina Console.
For details and a sample integration using Git pre-commit hooks, check out our Source Control tutorial to learn how to secure your development pipeline with Machina.
Using Machina CLI
Invoking Machina from the command line is simple:
Create User Profile
Device Profiles are integral to secure, authenticated interactions with Machina. To enroll a user profile and save it in a password persistor, provide the `--devicetype`, `--devicepassword`, and `--devicefile` options to specify where to save the password-protected persistor, and provide the user’s `--pass`, `--email`, and the keyspace (`--kns`) associated with that user to the `profile enroll` sub-command like this:

    machina \
      --devicetype password \
      --devicepw aSamplePassowrd \
      --devicefile ~/.ionicsecurity/profiles.pw \
      profile enroll \
      --pass machinaUserPassword \
      --email firstname.lastname@example.org \
      --kns Magv

For a complete walkthrough of working with device profiles using Machina CLI, visit the Profiles tutorial on Ionic Developers and select either PowerShell or Bash as your preferred language.
Secure a File
To secure a file, provide the same device options, so the tool can access the profile to perform the operation on its behalf, and provide the `--in` and `--out` paths to the `file encrypt` sub-command.

    machina \
      --devicetype password \
      --devicepw aSamplePassowrd \
      --devicefile ~/.ionicsecurity/profiles.pw \
      file encrypt \
      --in ~/sample.txt \
      --out ~/sample-secured.txt

Now you can reference the Machina Console to see the details of each operation performed by the CLI on behalf of this device.
To learn more about encrypting and decrypting data using Machina CLI, go to the Machina Ciphers tutorials page and select PowerShell or Bash.
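The pre-commit use case described earlier can be built on the `file encrypt` invocation shown above. The hook below is an added example, not the project's own code or the Source Control tutorial's script. The path patterns, the `.secured` suffix, and the `MACHINA_DEVICE_PW` and `MACHINA_DEVICE_FILE` environment variables are assumptions.

```shell
#!/bin/sh
# Added example: Git pre-commit hook that protects staged secrets with Machina CLI.
# Assumptions (not from the page): the path patterns, the ".secured" suffix and
# the MACHINA_DEVICE_PW / MACHINA_DEVICE_FILE environment variables.

# Succeed for paths treated as secrets; never re-protect the hook's own output.
is_sensitive() {
    case "$1" in
        *.secured) return 1 ;;
        *.pem|*.key|*.p12|secrets/*|*/secrets/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Encrypt $1 into $2 using the password-persisted device profile.
# The password comes from the environment so it never lands in the repository;
# it is still visible in the local process list while machina runs.
encrypt_secret() {
    if [ -z "${MACHINA_DEVICE_PW:-}" ]; then
        echo "pre-commit: MACHINA_DEVICE_PW is not set" >&2
        return 1
    fi
    machina \
        --devicetype password \
        --devicepw "$MACHINA_DEVICE_PW" \
        --devicefile "${MACHINA_DEVICE_FILE:-$HOME/.ionicsecurity/profiles.pw}" \
        file encrypt \
        --in "$1" \
        --out "$2"
}

# Swap every staged secret for its protected copy; abort the commit on failure.
main() {
    git diff --cached --name-only --diff-filter=ACM |
    while IFS= read -r path; do
        is_sensitive "$path" || continue
        encrypt_secret "$path" "$path.secured" || exit 1
        { git add -- "$path.secured" && git rm --cached --quiet -f -- "$path"; } || exit 1
        echo "pre-commit: committed $path.secured in place of $path" >&2
    done
}

# Run only when installed as .git/hooks/pre-commit, so the file can be sourced.
case "$0" in
    pre-commit|*/pre-commit) main ;;
esac
```

The plaintext file stays in the working tree untracked, so add the matching patterns to `.gitignore`. A secret that was already committed in plaintext remains in history and should be rotated.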
Decoupling the core services of Machina from the application has not only simplified the integration process and eliminated the need for a development team to do so, but it has also opened the platform to entirely new possibilities. To help get your team started, we have created several example scripts covering the basics.