p0 request

Overview

  • Manually request just-in-time access to resources across AWS, Azure AD, GCP, Okta, SSH, and Google Workspace.

  • Create a time-boxed access request instead of granting standing permissions.

  • Send the request for approval and, once approved, automatically provision permissions for your specified duration.

  • Apply your organization’s guardrails, including auto-revocation at expiry.

  • Generate a complete audit trail showing who requested what, when, and why.

  • Attach a reason for audit logging and approval context.

  • Optionally block (--wait) until provisioning completes, then execute the underlying command (e.g., aws, gcloud, ssh).

  • Integrate with Slack (or your configured notification channel) for approval workflows and notifications.

  • Enforce your organization’s TTL policy and auto-revoke rights at expiry.

Prerequisites

  • Logged-in user

  • Network access: allow HTTPS to https://api.p0.app/o/<org-slug>/command/.

Syntax

    p0 request <provider> <subcommand> [resource-args…]
        [--reason <text>]
        [-w | --wait]

  • <provider>

    • aws

    • azure-ad

    • gcloud

    • okta

    • ssh

    • workspace

  • <subcommand> & resource-args

    • Provider-specific; run p0 request <provider> --help for details.

  • --reason <text>

    • Justification for audit and approver context.

  • -w, --wait

    • Block until access is provisioned and then execute the underlying tooling command.

Global Flags

  • --help

    • Show help for any command.

  • --reason <text>

    • Provide a justification string.

  • -w, --wait

    • Wait for provisioning before returning.

Supported Providers

  • AWS

    • p0 request aws role <role-name>

    • p0 request aws resource <ARN>

  • Azure AD

    • p0 request azure-ad user <UPN>

    • p0 request azure-ad group <group-name>

  • GCP

    • p0 request gcloud role <role-name>

    • p0 request gcloud resource <resource-path>

    • p0 request gcloud permission <permission-name> (GitHub)

  • Okta

    • p0 request okta group <group-name>

  • SSH

    • p0 request ssh destination <instance-id>

  • Workspace

    • p0 request workspace drive <file-id>

    • p0 request workspace group <group-email>
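
One way to gate requests before they are submitted, as an added example that is not part of the P0 CLI or its documentation: a shell wrapper that accepts only the providers listed above and refuses to run when --reason is missing or too short, so every request reaches approvers and the audit trail with usable context. P0_BIN, MIN_REASON_LEN and the function name p0_request_checked are assumptions of this sketch.

```shell
# Added example: pre-flight guard in front of `p0 request`.
# P0_BIN and MIN_REASON_LEN are assumptions of this sketch, not p0 settings.
P0_BIN="${P0_BIN:-p0}"
MIN_REASON_LEN="${MIN_REASON_LEN:-12}"

# Providers listed in the Syntax section of this page.
P0_PROVIDERS="aws azure-ad gcloud okta ssh workspace"

p0_request_checked() {
  _provider="${1:-}"
  _reason=""
  _prev=""
  _ok=0

  # Refuse providers the page does not list before anything is submitted.
  for _p in $P0_PROVIDERS; do
    if [ "$_p" = "$_provider" ]; then _ok=1; fi
  done
  if [ "$_ok" -ne 1 ]; then
    echo "refusing: unsupported provider '$_provider'" >&2
    return 2
  fi

  # Pick up the value that follows --reason (the form shown on this page).
  for _arg in "$@"; do
    if [ "$_prev" = "--reason" ]; then _reason="$_arg"; fi
    _prev="$_arg"
  done

  # Count non-space characters; a flag swallowed as the reason counts as none.
  _compact="$(printf '%s' "$_reason" | tr -d '[:space:]')"
  case "$_reason" in -*) _compact="" ;; esac
  if [ "${#_compact}" -lt "$MIN_REASON_LEN" ]; then
    echo "refusing: --reason needs at least $MIN_REASON_LEN non-space characters" >&2
    return 3
  fi

  # Hand the unchanged arguments to the real CLI.
  "$P0_BIN" request "$@"
}
```

Setting P0_BIN=echo prints the command that would be run instead of submitting it.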

Examples

  1. AWS IAM Role

    p0 request aws role MyReadOnlyRole \
      --account 123456789012 \
      --reason "Investigating S3 access issues" \
      --wait

    Outcome: Requests the MyReadOnlyRole role in account 123456789012 and blocks until it is provisioned, after which you can run AWS commands under that role.

  2. GCP Viewer Role

    p0 request gcloud role roles/viewer \
      --project my-gcp-project \
      --reason "Ad-hoc data audit" \
      --wait

    Outcome: Creates a GCP IAM request for the `roles/view
