auth
Browser login or CI token — credentials stay in a 0600 file.
zensu auth loginzensu auth login --with-token zsk_…zensu auth statuszensu auth tokenzensu auth logout
A gh-style binary over the Zensu REST API and OAuth2 + PKCE. Manage products, features, and auth from your shell — against the hosted service or any self-hosted deployment. One static binary, zero runtime dependencies.
No Go toolchain required for most paths. The CLI ships as a single static executable with zero runtime dependencies — script it in, drop in a prebuilt binary, run it in Docker, or build from source.
One line on Linux, macOS, or Windows — pulls the latest release binary onto your PATH.
# Linux / macOS curl -fsSL https://zensu.dev/install.sh | sh # Windows (PowerShell) irm https://zensu.dev/install.ps1 | iex
Tap and install the cask on macOS or Linux — upgrade later with brew upgrade.
brew install --cask mkitconsulting/tap/zensu
Grab the archive for your OS/arch from GitHub Releases — tar.gz, zip, and a checksums file.
# github releases tar -xzf zensu_*_linux_amd64.tar.gz mv zensu /usr/local/bin/
Run it straight from the registry — nothing installed on the host at all.
docker run --rm ghcr.io/mkitconsulting/zensu-cli:latest --help
Already have Go? Install the command from source in one step.
go install github.com/MKITConsulting/zensu-cli/cmd/zensu@latest
Clone the repo and build with the Makefile.
make build # builds bin/zensu make install # installs to $GOBIN
Re-run the install script for the newest release, or bump the Go install.
curl -fsSL https://zensu.dev/install.sh | sh # or: go install …/cmd/zensu@latest
Familiar noun verb ergonomics, just like the GitHub CLI.
Typed commands for every resource — products, features, security,
roadmaps, tiers, and more.
Browser login or CI token — credentials stay in a 0600 file.
zensu auth loginzensu auth login --with-token zsk_…zensu auth statuszensu auth tokenzensu auth logoutCreate and inspect products from the terminal.
zensu products listzensu products get <product-id>zensu products create --name "My Product" --type publicThe core surface — create features and drive status transitions.
zensu features list --product <id> --status testingzensu features get <feature-id>zensu features create --product <id> --component <id> --title "Login"zensu features update <feature-id> --title "New title"zensu features status <feature-id> testingClassify features, score the release gate, and read product-wide posture.
zensu security classify <feature-id> --classification confidentialzensu security score <feature-id>zensu security validate <feature-id>zensu security posture <product-id>
Add --json to most typed commands for raw, scriptable output —
pipe it straight into jq or a CI step.
A real OAuth2 + PKCE flow for humans, an API key for machines — same command, same credential store. Nothing is hard-coded to the hosted service.
zensu auth login
zensu auth login --with-token zsk_xxx # or read the key from stdin echo "$ZENSU_API_KEY" | zensu auth login --with-token -
The CLI is a thin client over the REST API and OAuth — so it works against the hosted service or any self-hosted deployment, with one flag or one environment variable.
Structured output, token login for CI, and honest exit codes — the CLI is as happy in a CI job as it is in your shell.
Most typed commands take --json — structured output you can pipe straight into jq or another tool.
zensu auth login --with-token - reads a key from stdin, so CI logs in with no browser.
Non-zero exit codes on failure, so the CLI slots cleanly into CI gates and shell scripts.
Flags beat environment variables beat stored config beat the built-in
default — the usual precedence, documented and predictable. Credentials and
the selected host live in hosts.json inside the config
directory.
--api-url flag ZENSU_API_URL stored host https://api.zensu.dev ZENSU_CONFIG_DIR XDG_CONFIG_HOME/zensu ~/.config/zensu Apache-2.0, open source. Works against the hosted service or any self-hosted deployment — and scripts cleanly into CI.