Using the Policy Management Command Line Interface (CLI)

Explains the usage of the Policy Management CLI with some generic samples.

The following table lists the sections that explain how to use some of the Policy Management CLI commands. Together, the sections form an example workflow for working with the Policy Management functions. To view all the Policy Management CLI commands, refer to the section Policy Management Command Line Interface (CLI) Reference.

Policy Management CLI                                     Section Reference
Policy Management initialization                          Initializing the Policy Management
Creating an empty manual role that will accept all users  Creating a Manual Role
Create data elements                                      Create Data Elements
Create policy                                             Create Policy
Add roles and data elements to the policy                 Adding roles and data elements to the policy
Create a default data store                               Creating a default datastore
Deploy the data store                                     Deploying the Data Store
Get the deployment information                            Getting the Deployment Information

Initializing the Policy Management

This section explains how you can initialize Policy Management to create the key-related data and the policy repository.

pim invoke init

The following output appears:

✅ PIM successfully initialized (bootstrapped).

Creating a Manual Role

This section explains how you can create a manual role that accepts all the users.

pim create roles role --name "project-alpha-team" --description "Project Alpha all access" --mode "MANUAL" --allow-all

The following output appears:

NAME                DESCRIPTION               MODE             ALLOWALL  UID
project-alpha-team  Project Alpha all access  RoleMode.MANUAL  True      1

The command creates a role named project-alpha-team with the UID 1.

Creating Data Elements

This section explains how you can create a data element.

pim create dataelements aes128-cbc-enc --name "BasicEncryption" --description "Basic data encryption"

The following output appears:

UID  NAME             DESCRIPTION            IVTYPE       CHECKSUMTYPE       CIPHERFORMAT
1    BasicEncryption  Basic data encryption  IvType.NONE  ChecksumType.NONE  CipherFormat.NONE

The command creates an AES-128-CBC-ENC encryption data element named BasicEncryption with the UID 1.

Creating Policy

This section explains how you can create a policy.

pim create policies policy --name "full-protection-policy" --description "Complete data protection with all operations" --protect --re-protect --un-protect

The following output appears:

NAME                     DESCRIPTION                                   ACCESS                                                   UID
full-protection-policy   Complete data protection with all operations  {'protect': True, 'reProtect': True, 'unProtect': True}  1

The command creates a policy named full-protection-policy with the UID 1.

Adding Roles and Data Elements to a Policy

This section explains how you can add roles and data elements to a policy.

pim create policies rules <policy-uid> --rule "1,1,,NULL_VALUE,true,false,false"

The following output appears:

 ROLE  DATAELEMENT  MASK  NOACCESSOPERATION  ACCESS
 1     1            0     NULL_VALUE         {'protect': True, 'reProtect': False, 'unProtect': False}

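With <policy-uid> set to 1, the command adds the role with the UID 1 and the data element with the UID 1 to the policy with the UID 1. As the ACCESS column of the output shows, this rule grants only the protect operation; reProtect and unProtect are False.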

Creating a Default Data Store

This section explains how you can create a default data store.

pim create datastores datastore --name "primary-db" --description "Primary application database" --default

The following output appears:

NAME        DESCRIPTION                   DEFAULT  UID
primary-db  Primary application database  True     1

The command creates a default data store named primary-db with the UID 1.

Deploying a Specific Data Store

This section explains how you can deploy policies and trusted applications linked to a specific data store. The specifications provided for the specific data store are applied and become the end result.

pim invoke datastores deploy 1 --policies 1

The following output appears:

Successfully deployed to datastore '1':
  Policies: 1

The command deploys the policy with the UID 1 to the data store with the UID 1.

Getting the Deployment Information

This section explains how you can check the complete deployment information. This service returns the list of the data stores with the connected policies and trusted applications.

pim get deploy

The following output appears:

 UID  POLICIES  APPLICATIONS
 1    ['1']     []

The command retrieves the deployment information. It displays the UID of the data store and the policy that has been deployed.
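
The following added example (not part of the product documentation) parses the role, rule and deployment output shown in the steps above to confirm which policies reached each data store and to flag any rule that grants unProtect to a role created with --allow-all. It assumes the table layout shown on this page, with columns separated by two or more spaces; the function names and the check itself are this example's own choices.

```python
import ast
import re

# Output copied from the role, rule and deployment steps on this page.
ROLES_OUT = """\
NAME                DESCRIPTION               MODE             ALLOWALL  UID
project-alpha-team  Project Alpha all access  RoleMode.MANUAL  True      1
"""
RULES_OUT = """\
 ROLE  DATAELEMENT  MASK  NOACCESSOPERATION  ACCESS
 1     1            0     NULL_VALUE         {'protect': True, 'reProtect': False, 'unProtect': False}
"""
DEPLOY_OUT = """\
 UID  POLICIES  APPLICATIONS
 1    ['1']     []
"""

def parse_table(text):
    """Split a text table into row dicts (assumes columns are 2+ spaces apart)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = re.split(r"\s{2,}", lines[0])
    rows = []
    for ln in lines[1:]:
        cells = re.split(r"\s{2,}", ln)
        if len(cells) != len(header):
            # An empty or oddly spaced cell breaks alignment; fail loudly.
            raise ValueError(f"cannot align row with header: {ln!r}")
        rows.append(dict(zip(header, cells)))
    return rows

def deployed_policies(deploy_text):
    """Map each data store UID to the list of policy UIDs deployed to it."""
    return {r["UID"]: ast.literal_eval(r["POLICIES"]) for r in parse_table(deploy_text)}

def audit_rules(roles_text, rules_text):
    """Return (role UID, data element UID) for rules giving an allow-all role unProtect."""
    open_roles = {r["UID"] for r in parse_table(roles_text) if r["ALLOWALL"] == "True"}
    findings = []
    for rule in parse_table(rules_text):
        access = ast.literal_eval(rule["ACCESS"])  # dict printed in the ACCESS column
        if rule["ROLE"] in open_roles and access.get("unProtect"):
            findings.append((rule["ROLE"], rule["DATAELEMENT"]))
    return findings

if __name__ == "__main__":
    print("deployed:", deployed_policies(DEPLOY_OUT))
    print("findings:", audit_rules(ROLES_OUT, RULES_OUT))
```

With the output from this page, the deployment map shows policy 1 on data store 1 and the audit returns no findings, because the rule grants protect only.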


Last modified : April 06, 2026