Skip to content

AnkaSecure CLI – Overview

The AnkaSecure CLI is a cross-platform command-line utility that integrates directly with the AnkaSecure API, allowing you to perform cryptographic operations, manage keys, and automate security workflows without writing code.

Introduction

  • Command-Line Power: Run cryptographic commands from any terminal or script environment.
  • Automation & Scripting: Ideal for CI/CD pipelines and DevSecOps processes.
  • Post-Quantum Ready: Supports ML-KEM, Dilithium, Falcon, and SPHINCS+, alongside classical RSA/ECC algorithms.
  • Enterprise Integration: Easily pairs with HSMs, SIEM systems, and secure vaults.

Why Use AnkaSecure CLI?

  1. No Programming Required

    • Execute commands interactively or via shell scripts—no custom code needed.

  2. Consistent API Integration

    • Every CLI operation corresponds to an AnkaSecure API endpoint, ensuring uniform behavior across different environments.

  3. Large File Streaming

    • Efficiently encrypt, decrypt, sign, or verify large files (GB+) in streaming mode to avoid high memory usage.

  4. Crypto-Agility

    • Leverage both classical and post-quantum keys. Migrate from RSA to PQC or rotate keys seamlessly.

  5. Logging & Auditing

    • CLI activities can be logged in detail, supporting regulatory compliance and security audits.

Typical Use Cases

  1. Key Management

    • Generate, import, export, revoke, or remove cryptographic keys—both classical and post-quantum.

  2. Encryption/Decryption

    • Securely encrypt large data sets or files, then decrypt them on-demand.

  3. Signing/Verification

    • Digitally sign artifacts (e.g., binaries, documents) and verify signatures to maintain data integrity.

  4. Re-Encryption/Re-Signing

    • Seamlessly transition from old keys to new post-quantum keys without exposing plaintext or needing multiple file passes.

  5. CI/CD Integration

    • Automate cryptographic tasks within build pipelines to ensure secure application delivery.

Installation & Executables

  • Installers: Download from AnkaSecure CLI Installers for Windows, macOS, or Linux.
  • Executables:
    • AnkaSecureCLI – Standard command-line interface for scripts or direct usage.
    • AnkaSecureCLIDemo – An interactive, menu-driven demo showing 16 example scenarios.

If native executables are unavailable or you prefer direct control, you can run the JAR:

java -jar AnkaSecureClient.jar <command> [options]

Initialization (Required)

Before executing any CLI command, you must initialize the CLI with encrypted credentials using the init command.
This step securely stores your clientId and clientSecret using AES-GCM encryption with a UUID-based derived key.

AnkaSecureCLI init
During this initialization:

  • You will be prompted to enter your clientId and clientSecret.

  • The CLI will generate a secure cli.properties file containing:

    • Encrypted credentials (clientIdEnc, clientSecretEnc)

    • A randomly generated salt and UUID (client.uuid, client.salt) used for key derivation

⚠️ You must complete this step before using any CLI command (e.g., generate-key, encrypt-file, etc.).\ If initialization is skipped, CLI operations will fail with a security error.

For more information, see the CLI Configuration Guide.

Configuration

The CLI reads its settings from a cli.properties file, which includes:

  • Client Credentials (clientId, clientSecret)
  • Server Variables (host, port, TLS settings)
  • Proxy and Timeouts
  • Logging preferences

For more details, refer to the CLI Configuration Guide.

Command Reference

The AnkaSecure CLI provides a comprehensive set of commands to interact with the AnkaSecure API. Some highlights:

  • generate-key

    Creates a new key (RSA, ECC, ML-KEM, etc.) with optional usage and expiration constraints.

  • encrypt-file / decrypt-file

    Securely encrypt or decrypt data, either in base64 or streaming.

  • sign-file / verify-signature

    Sign or verify artifacts in a single pass (standard or streaming).

  • reencrypt-file / resign-file

    Migrate existing ciphertext or signatures to new keys (classical or post-quantum).

  • list-keys / remove-key / revoke-key

    Basic key lifecycle commands.

See the CLI Command Reference for the full list and usage examples.

Getting Started

  1. Install the AnkaSecure CLI on your platform of choice.
  2. Configure with valid credentials and connection details (in cli.properties).
  3. Verify Setup by running a simple command like:

AnkaSecureCLI list-keys

  1. Explore encryption, signing, and re-encryption scenarios as needed.

Next Steps

  • CLI Configuration Guide: Learn how to customize cli.properties.
  • CLI Command Reference: Detailed usage for each command.
  • Integration with DevOps: Add commands to your CI/CD pipelines for automated key rotation, artifact signing, and more.

Conclusion

The AnkaSecure CLI brings crypto-agility, post-quantum security, and large-file streaming to your terminal. Whether you're managing keys for enterprise compliance, automating file encryption in CI/CD, or transitioning to post-quantum algorithms, the CLI offers a straightforward, script-friendly solution.