Getting Started
This guide walks you through installing, configuring, and using NDCLI for the first time.
Installation
Section titled “Installation”brew tap netdefense-io/tapbrew install ndclicurl -L https://github.com/netdefense-io/NDCLI/releases/latest/download/ndcli_linux_amd64.tar.gz | tar xz
sudo mv ndcli /usr/local/bin/scoop bucket add netdefense https://github.com/netdefense-io/scoop-bucketscoop install ndcliInitial Setup
Section titled “Initial Setup”Using the Setup Guide
Section titled “Using the Setup Guide”The easiest way to configure NDCLI is with the interactive setup guide:
ndcli setupThe wizard guides you through:
- Authentication - Login and credential storage preferences
- Organization - Create a new organization or select an existing one
- Preferences - Set your default output format
Manual Setup
Section titled “Manual Setup”If you prefer manual configuration:
-
Authenticate with NetDefense
Terminal window ndcli auth loginThis opens your browser for OAuth2 authentication.
-
Set your default organization
Terminal window # List available organizationsndcli org list# Set defaultndcli config set org my-organization -
Optionally set output format preference
Terminal window ndcli config set output detailed
Verify Your Setup
Section titled “Verify Your Setup”Check that everything is configured correctly:
ndcli auth show
ndcli auth me
ndcli config showYour First Commands
Section titled “Your First Commands”List Devices
Section titled “List Devices”ndcli device list
ndcli device list --status PENDING
ndcli device list --ou productionApprove a Pending Device
Section titled “Approve a Pending Device”When a new device registers, it appears with PENDING status:
ndcli device list --status PENDING
ndcli device approve my-new-firewall
ndcli device approve-allView Device Details
Section titled “View Device Details”ndcli device describe my-firewallTrigger Configuration Sync
Section titled “Trigger Configuration Sync”ndcli sync status
ndcli sync apply --device my-firewall
ndcli sync apply --ou productionConfiguration Storage
Section titled “Configuration Storage”Configuration Files
Section titled “Configuration Files”NDCLI stores configuration in platform-specific locations:
| Platform | Config Path |
|---|---|
| macOS | ~/Library/Application Support/ndcli/config.yaml |
| Linux | ~/.config/ndcli/config.yaml |
| Windows | %APPDATA%\ndcli\config.yaml |
Credential Storage
Section titled “Credential Storage”By default, NDCLI stores OAuth2 tokens in your system keyring:
- macOS: Keychain
- Linux: Secret Service (GNOME Keyring, KWallet)
- Windows: Credential Manager
If the system keyring is unavailable, credentials fall back to file storage (auth.json).
Environment Variables
Section titled “Environment Variables”All configuration options can be overridden with environment variables using the NDCLI_ prefix:
export NDCLI_ORGANIZATION_NAME=my-orgexport NDCLI_OUTPUT_FORMAT=jsonexport NDCLI_CONTROLPLANE_HOST=https://control.example.comShell Completion
Section titled “Shell Completion”Enable tab completion for your shell:
source <(ndcli completion bash)source <(ndcli completion zsh)ndcli completion fish | sourcendcli completion powershell | Out-String | Invoke-ExpressionNext Steps
Section titled “Next Steps”- Explore Device Management
- Learn about Organizations
- Configure Templates and Snippets