ockam

ockam [OPTIONS] [COMMAND]

Build, Run, Connect, Secure, Manage, Scale to billions of agents that are interoperable with everything, everywhere, all-at-once — with one platform.

Subcommands

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

ockam cluster

ockam cluster <COMMAND>

Subcommands

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

cluster enroll

[Preview]

ockam cluster enroll [OPTIONS]

Options

  • --identity [IDENTITY_NAME] (optional)
    The name of an existing Ockam Identity that you wish to enroll. You can use ockam identity list to get a list of existing Identities. To create a new Identity, use ockam identity create. If you don't specify an Identity name, and you don't have a default Identity, this command will create a default Identity for you and save it locally in the default Vault

  • --authorization-code-flow (optional)
    This option allows you to bypass pasting the one-time code and confirming device activation, and PKCE (Proof Key for Code Exchange) authorization flow. Please be careful with this option since it will open your default system browser. This option might be useful if you have already enrolled and want to re-enroll using the same account information

  • --disable-ctrlc-signal (optional)

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

cluster ticket

[Preview]

ockam cluster ticket [OPTIONS]

Options

  • --zone-name [ZONE_NAME] (optional)
    The name of the Zone

  • --zone-config [ZONE_CONFIG] (optional)
    The path to the Zone configuration file, in yaml or json format. If not set, the ./ockam.yaml file from the current directory will be used

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

  • -a, --attribute [ATTRIBUTE] (optional)
    Attributes in key=value format to be attached to the member. You can specify this option multiple times for multiple attributes

  • --relay [ENROLLEE_ALLOWED_RELAY_NAME] (optional)
    Name of the relay that the identity using the ticket will be allowed to create. This name is transformed into attributes to prevent collisions when creating relay names. For example: --relay foo is shorthand for --attribute ockam-relay=foo

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

cluster show

[Preview]

ockam cluster show [OPTIONS]

Options

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

ockam zone

ockam zone <COMMAND>

Subcommands

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

zone init

[Preview]

ockam zone init [REPOSITORY] [TARGET_PATH]

Arguments

  • [REPOSITORY] (optional)
    The name of the template project to download. It can be either a GitHub repository like build-trust/ockam-cluster-template-hello, a full URL like git@github.com:build-trust/ockam-cluster-template-hello, or an Ockam repository name that exists at build-trust/ockam-cluster-template-<NAME>

  • [TARGET_PATH] (optional)
    The path to install the template project. Defaults to the current directory

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

zone secret

[Preview]

ockam zone secret [OPTIONS]

Options

  • --secrets-config [SECRETS_CONFIG] (optional)
    The path to the secrets file, in yaml or json format. If not set, the ./secrets.yaml file from the current directory will be used. If no file is found, the command will just list the existing secrets

  • --zone-name [ZONE_NAME] (optional)
    The name of the Zone

  • --zone-config [ZONE_CONFIG] (optional)
    The path to the Zone configuration file, in yaml or json format. If not set, the ./ockam.yaml file from the current directory will be used

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

zone create

[Preview]

ockam zone create [OPTIONS]

Options

  • --zone-config [ZONE_CONFIG] (optional)
    The path to the Zone configuration file, in yaml or json format. If not set, the ./ockam.yaml file from the current directory will be used

  • --secrets-config [SECRETS_CONFIG] (optional)
    The path to the secrets file, in yaml or json format. If not set, the ./secrets.yaml file from the current directory will be used. If no file is found, the command will just list the existing secrets

  • --use-public-ecr (optional)
    Whether to use a public AWS ECR

  • --no-cache (optional)
    Whether to use the Docker cache when building the image. It can be set using the OCKAM_DOCKER_NO_CACHE environment variable

  • --no-pull (optional)
    Whether to build the image with the --pull option. It can be set using the OCKAM_DOCKER_NO_PULL environment variable

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

  • --no-http (optional)
    Skip the creation of the inlet to the http outlet

  • --no-logs (optional)
    Skip the creation of the inlet to the logs outlet

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

zone delete

[Preview]

ockam zone delete [OPTIONS]

Options

  • --zone-name [ZONE_NAME] (optional)
    The name of the Zone

  • --zone-config [ZONE_CONFIG] (optional)
    The path to the Zone configuration file, in yaml or json format. If not set, the ./ockam.yaml file from the current directory will be used

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

  • --all (optional)
    Delete all zones in the cluster

  • -y, --yes (optional)
    Confirm the deletion without prompting

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

zone inlet

[Preview]

ockam zone inlet [OPTIONS] --pod <POD>

Options

  • --cluster [CLUSTER] (optional)
    The Cluster that hosts the Zone

  • --zone-name [ZONE_NAME] (optional)
    The name of the Zone

  • --zone-config [ZONE_CONFIG] (optional)
    The path to the Zone configuration file, in yaml or json format. If not set, the ./ockam.yaml file from the current directory will be used

  • --pod <POD>
    References the name of TCP Outlet created in the Zone and the Relay name

  • --enrollment-ticket [ENROLLMENT TICKET] (optional)
    A path, URL or inlined hex-encoded enrollment ticket to use for the Ockam Identity associated to this node. If ommited one will be created automatically with default attributes

  • --background (optional)

  • --no-ctrlc-handler (optional)
    Disable the Ctrl-C handler

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

  • --from [SOCKET_ADDRESS] (optional)
    Address on which to accept TCP connections, in the format <scheme>://<host>:<port>. At least the port must be provided. The default scheme is tcp and the default host is 127.0.0.1. If the argument is not set, a random port will be used on the default address tcp://127.0.0.1

  • --to [ROUTE] (optional)
    Name of the TCP Outlet service to connect to

  • --allow [POLICY_EXPRESSION] (optional)
    Policy expression that will be used for access control to the TCP Inlet. If you don't provide it, the policy set for the "tcp-inlet" resource type will be used.

You can check the fallback policy with ockam policy show --resource-type tcp-inlet.

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

zone outlet

[Preview]

ockam zone outlet [OPTIONS] --relay <RELAY> --to <SOCKET_ADDRESS>

Options

  • --cluster [CLUSTER] (optional)
    The Cluster that hosts the Zone

  • --zone-name [ZONE_NAME] (optional)
    The name of the Zone

  • --zone-config [ZONE_CONFIG] (optional)
    The path to the Zone configuration file, in yaml or json format. If not set, the ./ockam.yaml file from the current directory will be used

  • --enrollment-ticket [ENROLLMENT TICKET] (optional)
    A path, URL or inlined hex-encoded enrollment ticket to use for the Ockam Identity associated to this node. If ommited one will be created automatically with default attributes

  • --relay <RELAY>
    Relay to register at

  • --background (optional)

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

  • --from [OUTLET_ADDRESS] (optional)
    Service address of your TCP Outlet, which is part of a route used in other commands. This unique address identifies the TCP Outlet worker on the Node on your local machine. Examples are /service/my-outlet or my-outlet. If not provided, the name of the relay will be used

  • --to <SOCKET_ADDRESS>
    Network address where your application is listening to. Your TCP Outlet will forward raw TCP traffic to this destination

  • --allow [POLICY_EXPRESSION] (optional)
    Policy expression that will be used for access control to the TCP Outlet. If you don't provide it, the policy set for the "tcp-outlet" resource type will be used.

You can check the fallback policy with ockam policy show --resource-type tcp-outlet

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io

zone repl

[Preview]

ockam zone repl [OPTIONS]

This command can be used to access the Repl of an agent started locally.

Options

  • --zone-config [ZONE_CONFIG] (optional)
    The path to the Zone configuration file, in yaml or json format. If not set, the ./ockam.yaml file from the current directory will be used

  • --use-http-api (optional)
    Force the command to use the HTTP API. By default, the command will use the Orchestrator API

  • --api-endpoint [API_ENDPOINT] (optional)
    The API endpoint of the Ockam AI Platform. Can be set using the AI_API_BASE_URL environment variable. Defaults to http://localhost:30080

  • --no-http (optional)
    Skip the creation of the inlet to the http outlet

  • --no-logs (optional)
    Skip the creation of the inlet to the logs outlet

  • --to [SOCKET_ADDRESS] (optional)
    Network address where your repl server is listening to

Learn More:

Use ockam <SUBCOMMAND> --help for more information about a subcommand (e.g., 'cluster' or 'zone').

Learn more about Command: https://docs.ockam.ai/command/ Learn more about Ockam: https://docs.ockam.ai/

Feedback:

If you have questions, as you explore, join us on the Discord channel https://discord.ockam.io