This article covers installing and configuring the Lacework Command-Line Interface (CLI).
The Lacework CLI is an open source project written in Golang and released as separate binaries for Linux, macOS, and, yes, even Windows! Additionally, all releases of the CLI are published as Docker containers to Docker Hub for various platforms with the intended purpose of integrating with CI/CD automation pipelines.
Lacework as a platform provides a set of robust APIs for configuring accounts within the platform, as well as accessing data from accounts. The Lacework CLI provides an interface to those APIs with the goal of providing fast, accurate, and actionable insights into the platform.
Installation
Bash (macOS/Linux):
$ curl https://raw.githubusercontent.com/lacework/go-sdk/master/cli/install.sh | bash
Powershell (Windows):
C:\> Set-ExecutionPolicy Bypass -Scope Process -Force C:\> iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/lacework/go-sdk/master/cli/install.ps1'))
Homebrew (macOS/Linux):
$ brew install lacework/tap/lacework-cli
For more details, see Lacework Homebrew Tap.
Create API Key
The Lacework CLI requires an API key and secret to authenticate with Lacework. Lacework API Keys can be created by Lacework account administrators via the Lacework console.
- Log in to the Lacework Console.
- Click Settings > API Keys.
- Click CREATE NEW API KEY.
- Give the API key a Name and optional Description.
- Click SAVE.
- Click DOWNLOAD to save the API Key file locally.
The contents of your API key contain a keyId
and secret
:
{ "keyId": "ACCOUNT_86858622520DB3B8E6C171247820FA724CDDB19DDDDDDD", "secret": "_412a4c080e5c8a2e069a4144444444444" }
Configure The CLI
Use the lacework configure
command to configure the CLI with the API Key downloaded from the previous step.
$ lacework configure -j /path/to/key.json Account: example Access Key ID: EXAMPLE_1234567890ABCDE1EXAMPLE1EXAMPLE123456789EXAMPLE Secret Access Key: ********************************** You are all set!
The lacework configure
command generates a file named .lacework.toml
inside your home directory ($HOME/.lacework.toml
) with a single profile named default
.
Multiple Profiles
You can add additional profiles that you can refer to with a name by specifying the --profile
option. The following example creates a profile named prod
.
$ lacework configure --profile prod -j /path/to/key.json Account: prod.example Access Key ID: PROD_1234567890ABCDE1EXAMPLE1EXAMPLE123456789EXAMPLE Secret Access Key: ********************************** You are all set!
Then, when you run a command, you can specify a --profile prod
and use the credentials and settings stored under that name.
$ lacework integration list --profile prod
If there is no --profile
option, the CLI will default to the default
profile.
To list all available profiles configured in the workstation use:
$ lacework configure list PROFILE | ACCOUNT | API KEY | API SECRET --------------+---------------+----------------------------------------------------------+------------------------------------ prod | prod-account | PRODACCT_0C66EF03A0694E16D3203E553C9B13E36E39239FB0FCEBF | *****************************8520 qa1 | qa1-account | QA1ACCOT_038B1395C1B5B9BD1C5DEA849DF62FCB95D7697C58C4942 | *****************************9ad8 qa2 | qa2-account | QA2ACCOT_0362BF5146FBE18A9CD0AB0259FBEE912EBB1A429A0A213 | *****************************a3cb > default | dev-account | DEVACCOT_03C8910D0BDCDBD2AFD4355A1C5284104AAA2AE5253938C | *****************************98f1
Next Steps
From here you are ready to explore some of the specific use cases with the Lacework CLI: