p0 Commands and Usage

p0 CLI Overview

A developer-focused overview of all p0 CLI commands. Use this as your launchpad: each section links to in-depth docs with examples, flags, and troubleshooting.


📥 p0 login

Bootstrap your local CLI with your organization's credentials and config.

If you are not logged in, running any other p0 command runs p0 login first.

  • Purpose:

    • Launch browser SSO (Google, Okta, Ping, Microsoft, etc.)

    • Persist tokens & config under ~/.p0/ (or $TMP/p0 if you set the P0_ORG environment variable)

  • Outcome:

    • Validated Org access

    • Ability to run p0 request, p0 ssh, p0 aws, and more without re-authenticating

  • Key Flags:

    • p0 login <ORG_ID>

    • P0_ORG=<ORG_ID> p0 login (env-var shortcut)


☸️ p0 kubeconfig

Just-in-time AWS EKS access and kubeconfig automation.

  • Purpose:

    • Request AWS EKS cluster access via p0

    • Automatically update your ~/.kube/config context

  • Key Flags:

    • --cluster <CLUSTER_ID> (registered in p0)

    • --role <ClusterRole|CuratedRole|Role>

    • --resource <Kind> / <Namespace> / <Name>

    • --reason "<REASON>"

    • --requested-duration "<DURATION>"


🔓 p0 allow

Declare pre-approved access grants for p0 Request across multiple platforms.

  • Purpose:

    • Provision any access that you can request. This is for creating pre-approved access for another user for a period of time. You must be a valid approver for that person.

    • Apply policy guardrails and auto-revoke at expiry

  • Key Flags:

    • --to <principal> (user, service account, or group)

    • --length <total duration>

    • --requested-duration <session TTL>

    • Optional: --start <timestamp>, --reason <text>


🎫 p0 grant

Issue ephemeral, just-in-time access requests for short-lived tasks.

  • Purpose:

    • Trigger provisioning workflows on demand

    • Optionally block (--wait) until approval or denial

  • Key Flags:

    • --to <principal>

    • --requested-duration <duration>

    • Optional: --reason <text>, -w/--wait


🔍 p0 ls

Discover valid resource identifiers for grant, allow, ssh, and more.

  • Purpose:

    • List ARNs, roles, permission-sets, groups, SSH sessions, etc.

    • Mark items you already have (*)

  • Key Flags:

    • p0 ls <integration> <subcommand> [filters]

    • --size <N> (pagination)

    • --json (raw output)


📂 p0 scp

Securely copy files using P0-provisioned SSH under the hood.

  • Purpose:

    • Drop-in replacement for scp with automatic access requests

  • Syntax:

    p0 scp <src> <dest> [P0-options] -- [scp flags]

  • Key Flags:

    • --provider <aws|gcloud|azure>

    • --reason <text>

    • --sudo

    • --debug


🔑 p0 ssh-keygen

Generate (or reuse) a P0-specific SSH key pair.

  • Purpose:

    • Create a 2048-bit RSA key under ~/.p0/ssh/ with mode 600

    • Auto-invoked by p0 ssh/scp, or run manually to pre-generate or rotate keys

  • Syntax:

    p0 ssh-keygen

🔌 p0 ssh-proxy

Expose P0's SSH tunnel as a ProxyCommand for custom SSH configs.

This command is not meant to be run directly from the CLI; it is invoked through other CLI commands.

  • Purpose:

    • Integrate P0's managed tunnel (aws ssm start-session, gcloud iap-tunnel, Azure) into ~/.ssh/config

    • Reuse approved sessions across multiple SSH calls

  • Syntax:

    p0 ssh-proxy <destination> \
      --provider <aws|gcloud|azure> \
      --port <22> \
      -i <identityFile> \
      --requestJson <path/to/request.json>

p0 ssh-resolve

Resolves host names in the SSH command if they are accessible to you without manual approval.

This is not for direct execution; it is used by the SSH config file.

  • Purpose:

    • Generate approved requests and credentials.

    • Perfect for automation, editor plugins, or CI pipelines

  • Syntax:

    p0 ssh-resolve <destination> \
      [--provider <aws|gcloud|azure>] \
      [--parent <account/project>] \
      [-q|--quiet] \
      [--debug]
