Boundary CLI

Boundary CLI is HashiCorp's command line for Boundary's access-control plane and client connection flows. It manages auth methods, identities, targets, workers, credentials, sessions, and session recordings, then can authorize or launch proxied connections through Boundary.

• Authenticate with password, LDAP, or OIDC methods, manage local token handling, and inspect client-agent state for a Boundary environment.
• Create, read, update, delete, and list Boundary resources such as scopes, users, groups, roles, hosts, host sets, targets, workers, credential stores, credential libraries, and storage or recording resources.
• Authorize sessions and open proxied connections to SSH, RDP, database, Kubernetes, HTTP, and other supported targets, then inspect, cancel, or download session and recording data.

• Control-plane commands follow predictable read, list, create, update, and delete patterns, and -format json makes inspect/change/verify loops straightforward.
• Secrets and structured attributes can come from env://, file://, and JSON maps, which helps non-interactive automation.
• Automation gets weaker around browser or prompt-driven auth and connect flows that hand off to local clients or long-lived tunnels; there is no native MCP or packaged skills tree.

• Useful only against a running Boundary deployment with configured auth methods, targets, workers, and often external systems such as an IdP or Vault.
• This repo contains the full Boundary product, so canonical install and CLI reference guidance lives on the HashiCorp Developer site rather than only in the README.