init

Use the init command to initialize the Conjur CLI with your Conjur endpoint.

The init command creates a configuration file (.conjurrc) that contains the details for connecting to Conjur. This file is located under the user's root directory.

You can allow users to log in to the Conjur CLI using the CyberArk OIDC Authenticator using the --authn-type and --service-id options for the init command. For more information, see OIDC Authenticator for Conjur UI and Conjur CLI authentication.

Usage

conjur [global options] init [options] [args]

Global options

Option	Description
-d, --debug	Enable debugging output

Options

Option	Description
-u VALUE, --url VALUE	Provide the Conjur server endpoint (Conjur URL). If you do not provide a URL, you are prompted to provide one.
-a VALUE, --account VALUE	(Optional) Provide the Conjur account name. If you do not provide an account name, you are prompted to provide one.
-s, --self-signed	(Optional) Use a self-signed certificate from Conjur.*
--force	(Optional) Force overwrite of existing files.
-t, --authn-type	(Optional) Specify the authentication type, such as `ldap` or `oidc`. If you do not specify an authn-type, the default value is `authn`. For more information about using OIDC authentication with the Conjur CLI, see OIDC Authenticator for Conjur UI and Conjur CLI authentication.
--service-id	(Optional) The unique identifier of the authentication service. This option is required when the authentication type is `ldap` or `oidc`.
-i, --insecure	(Optional) Allow non-HTTPS connections.
-c VALUE or --ca-cert VALUE	(Optional) Provide the full path to the Conjur root CA certificate.
--cert-file VALUE	(Optional) The file where the server's certificate is written. Default: `/root/conjur-server.pem`
-f VALUE or --file VALUE	(Optional) The file where the Conjur connection configuration is written. Default: `/root/.conjurrc`
--force-netrc	(Optional) Use file-based credential storage rather than the OS-native keystore.
-h, --help	(Optional) Display the help screen.

If neither --ca-cert nor --self-signed options are provided, the Conjur CLI uses the operating system's trusted System Roots certificate store.
Limitation: On RHEL 7, the Conjur CLI cannot access the trusted System Roots certificate store, so the init command must explicitly include either the --ca-cert or --self-signed option.

Examples

The following command initializes the Conjur CLI with the Conjur server endpoint (Conjur URL), and creates the necessary configuration file (conjurrc):
```
conjur init -a myorg -u https://conjur-url
```
The following command prompts for the URL of your Conjur server and then for the Conjur account name:
```
conjur init
```
The following command initializes the Conjur CLI with the Conjur server endpoint using the Conjur root CA certificate file:
```
conjur init --url https://conjur-url --ca-cert path/to/conjur_ca.pem
```
The following command initializes the Conjur CLI with the Conjur server endpoint using a self-signed certificate from Conjur:
```
conjur init --url https://conjur-url --self-signed
```
The following command initializes the Conjur CLI with the Conjur server endpoint without HTTPS:
```
conjur init --insecure -a myorg -u https://conjur-url
```

The following command initializes the Conjur CLI using OIDC authentication:

conjur init -a myorg -u https://conjur-url –-authn-type oidc –-service-id oidc_auth_service