IDENTITY-BASED MICROSEGMENTATION DOCUMENTATION

Install apoctl

  1. Download the executable appropriate to your platform.

    macOS:

    sudo curl -o /usr/local/bin/apoctl \
      https://download.aporeto.com/apoctl/darwin/apoctl && \
    sudo chmod 755 /usr/local/bin/apoctl

    Linux:

    sudo curl -o /usr/local/bin/apoctl \
      https://download.aporeto.com/apoctl/linux/apoctl && \
    sudo chmod 755 /usr/local/bin/apoctl

    Windows (PowerShell):

    curl https://download.aporeto.com/apoctl/windows/apoctl.msi -o apoctl.msi; `
    if ($?) {. .\apoctl.msi /quiet}
    if ($?) {$env:PATH+="C:\Program Files\Apoctl;"}
    

  2. Open the Microsegmentation section of the Prisma Cloud web interface and navigate to your top-level namespace.
    Under Manage, select Authentication sources.

  3. Click the Create button.

  4. Type apoctl in the Name field and click Next.

  5. Select Namespace Administrator and click Create.

  6. Leave App Credentials selected and click Download.

  7. Create an .apoctl directory in your home directory.

    mkdir ~/.apoctl
    
  8. Use the following command to rename the file to default.creds and move it to the ~/.apoctl directory.

    mv ~/Downloads/apoctl.json ~/.apoctl/default.creds
    
  9. Create a new file named default.yaml in the .apoctl directory. In the following command, we use vim, which is present by default in Linux/macOS and available for Windows via Chocolatey.

    vi ~/.apoctl/default.yaml
    
  10. Paste in the following line, then save and close the file.

    creds: ~/.apoctl/default.creds
    
  11. Issue the following command to confirm that you’re authenticated.

    apoctl auth verify
    

    It should return something like the following.

    {
      "data": {
        "commonName": "app:credential:5f74d3fbf0fe170733a97848:acme-apoctl-default-credentials",
        "organization": "/acme",
        "realm": "certificate",
        "serialNumber": "276404753095259062652411739427072963511",
        "subject": "276404753095259062652411739427072963511"
      },
      "exp": 1601499169,
      "iat": 1601491968,
      "iss": "api.console.aporeto.com",
      "realm": "Certificate",
      "restrictions": {},
      "sub": "276404753095259062652411739427072963511"
    }
    
  12. The following commands use jq to extract the URL of your Microsegmentation Console API, set it in a MICROSEG_API environment variable, and ensure that the environment variable persists across sessions. This will make future commands much easier.

    Linux/macOS (bash):

    export MICROSEG_API=$(apoctl auth verify | jq -r '.iss')
    echo "export MICROSEG_API=$MICROSEG_API" | tee -a ~/.bash_profile

    Windows (PowerShell):

    $env:MICROSEG_API = (apoctl auth verify | jq -r '.iss')
    [System.Environment]::SetEnvironmentVariable('MICROSEG_API', $env:MICROSEG_API, 'User')
    

    Great job! You’ve installed and configured apoctl.
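
The app credential downloaded in step 6 carries the Namespace Administrator role, so the directory created in steps 7 to 10 is worth checking on Linux/macOS. The following script is an added example, not part of the product documentation; the function names, the script name and the 700/600 modes are assumptions based on common practice for credential files.

```shell
#!/bin/sh
# Added example: audit and tighten the ~/.apoctl directory from steps 7-10.
# The 700/600 modes are an assumption (common practice for credential
# files), not a requirement stated by the product documentation.

# Print a path's permission bits in octal (GNU stat first, then BSD/macOS).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the path exists and grants nothing to group or others.
is_private() {
  [ -e "$1" ] || return 1
  m=$(mode_of "$1") || return 1
  [ $(( 0$m & 077 )) -eq 0 ]
}

# audit_apoctl_dir DIR: print one line per finding; return 1 if any.
audit_apoctl_dir() {
  dir=$1
  rc=0
  is_private "$dir" ||
    { echo "FAIL dir: $dir missing or open to group/others"; rc=1; }
  is_private "$dir/default.creds" ||
    { echo "FAIL creds: default.creds missing or open to group/others"; rc=1; }
  # default.yaml must point apoctl at a credentials file (step 10).
  grep -Eq '^creds:[[:space:]]*[^[:space:]]' "$dir/default.yaml" 2>/dev/null ||
    { echo "FAIL yaml: default.yaml has no creds: entry"; rc=1; }
  return "$rc"
}

# harden_apoctl_dir DIR: restrict the directory and its files to the owner.
harden_apoctl_dir() {
  chmod 700 "$1" && chmod 600 "$1"/default.creds "$1"/default.yaml
}

# Run as: sh audit_apoctl.sh --check [DIR]   (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
  audit_apoctl_dir "${2:-$HOME/.apoctl}"
fi
```

With a typical umask of 022, `mkdir` and `mv` leave the directory and credentials file readable by other local users, which the audit reports until `harden_apoctl_dir` is run.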