PASETO CLI generates and validates PASETO v4.local tokens.
// Available on NPM
npm i -g @govcraft/paseto_cli@latest
Or with Cargo or direct install from binary.
echo "your-32-byte-key-in-base64" | paseto_cli generate --subject "user123" --expiration "2h"
echo "your-32-byte-key-in-base64" | paseto_cli validate --token "v4.local.your-token-here" --subject "user123"
- Generates PASETO v4.local tokens with custom claims
- Validates existing tokens and verifies their claims
- Supports multiple output formats: plain, pretty, and JSON
- Handles relative time expressions (e.g., "2h", "1d")
- Adheres to PASETO best practices
- Implicit assertion and Footer support will be added before 1.0 release
You can download the precompiled binary for your system directly from the PASETO CLI Releases page. This is the easiest method to get started quickly.
To install PASETO CLI using npm, run the following command:
npm i -g @govcraft/paseto_cli@latest
This will install the PASETO CLI tool globally on your system.
If you have Rust installed on your system, you can use Cargo, Rust's package manager, to install PASETO CLI. First, ensure you have Rust and Cargo installed (you can get them from rustup.rs), then run:
cargo install paseto_cli
This command will download, compile, and install the PASETO CLI tool on your system.
To build from source:
git clone https://github.com/Govcraft/paseto-cli.git
cd paseto-cli
cargo build --release
The binary will be available at target/release/paseto_cli
.
PASETO CLI provides two main commands: generate
and validate
.
echo "your-32-byte-key-in-base64" | paseto_cli generate [OPTIONS]
Options:
-s, --subject <SUBJECT>
: Sets the subject claim-i, --issuer <ISSUER>
: Sets the issuer claim-a, --audience <AUDIENCE>
: Sets the audience claim--jti <JTI>
: Sets the token identifier claim--expiration <EXPIRATION>
: Sets the expiration time--not-before <NOT_BEFORE>
: Sets the not-before time--issued-at <ISSUED_AT>
: Sets the issued-at time-c, --custom <KEY=VALUE>
: Adds custom claims
echo "your-32-byte-key-in-base64" | paseto_cli validate --token <TOKEN> [OPTIONS]
Options:
-t, --token <TOKEN>
: Specifies the PASETO token to validate (required)-s, --subject <SUBJECT>
: Specifies the expected subject claim-i, --issuer <ISSUER>
: Specifies the expected issuer claim-a, --audience <AUDIENCE>
: Specifies the expected audience claim--jti <JTI>
: Specifies the expected token identifier claim--expiration <EXPIRATION>
: Specifies the expected expiration time--not-before <NOT_BEFORE>
: Specifies the expected not-before time--issued-at <ISSUED_AT>
: Specifies the expected issued-at time-c, --custom <KEY=VALUE>
: Specifies expected custom claims
-f, --format <FORMAT>
: Sets the output format (plain, pretty, json)-h, --help
: Prints help information-V, --version
: Prints version information
echo "your-32-byte-key-in-base64" | paseto_cli generate --subject "user123" --expiration "2h" --custom role=admin
echo "your-32-byte-key-in-base64" | paseto_cli --format pretty validate --token "v4.local.your-token-here" --subject "user123"
echo "your-32-byte-key-in-base64" | paseto_cli --format json generate --subject "user123" --expiration "2h"
- User Authentication: Generates tokens for user login systems.
- API Authorization: Includes role-based access control in tokens.
- Single Sign-On (SSO): Creates tokens for multi-service authentication.
- API Key Management: Generates and validates long-lived API keys.
- Session Management: Creates short-lived tokens for web application sessions.
- Microservices Communication: Secures inter-service data exchange.
- IoT Device Authentication: Authenticates IoT devices with central servers.
- Audit Logging: Tracks user actions with custom claims for logs.
- Testing and Development: Generates specific tokens for auth flow testing.
- Token Rotation: Implements token rotation strategies.
- Key Management: Store the PASETO v4 key securely.
- Token Lifetime: Set appropriate expiration times based on security requirements.
- Claim Validation: Validate all relevant claims when verifying tokens.
- Encrypted Payload: v4.local tokens encrypt their payload, protecting the confidentiality of claims. The encryption key must be kept secure.
- Key Rotation: Implement a strategy to periodically update the PASETO v4 key.
Contributions are welcome. See Contributing Guidelines for more details.
PASETO CLI is licensed under the GNU General Public License v3.0. See the LICENSE file for details.
I'm @rrrodzilla, a technologist with 30 years of industry experience. I'm a former SOA and cloud architect, and former Principal Technical Product Manager at AWS for the Rust Programming Language. Currently, I'm the owner and operator of Govcraft, building and consulting on Rust and AI solutions.
For more information, visit https://www.govcraft.ai
For issues, feature requests, or questions, open an issue at https://github.com/Govcraft/paseto-cli/issues.