Install apoctl

Prerequisites

  • The following procedure uses an app credential to authenticate to the Microsegmentation Console. App credentials require a mutual TLS connection to the Microsegmentation Console API. Any TLS-intercepting middleboxes must be configured to exclude your connections to the Microsegmentation Console from interception.
  • If you connect through a firewall or endpoint agent, ensure that you can access *.prismacloud.io, *.network.prismacloud.io, and *.aporeto.com.

Installing and configuring apoctl

  1. Download the executable appropriate to your platform.
    The URL format is https://download.aporeto.com/prismacloud/[appstack]/apoctl/[ darwin | windows | linux ]/apoctl where you must replace [appstack] with the location of your instance of Prisma Cloud. The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. For example,
    https://download.aporeto.com/prismacloud/app3/apoctl/darwin/apoctl
    macOS
    sudo curl -o /usr/local/bin/apoctl \ https://download.aporeto.com/prismacloud/<your_appstack>/apoctl/darwin/apoctl && \ sudo chmod 755 /usr/local/bin/apoctl
    Linux
    sudo curl -o /usr/local/bin/apoctl \ https://download.aporeto.com/prismacloud/<your_appstack>/apoctl/linux/apoctl && \ sudo chmod 755 /usr/local/bin/apoctl
    Windows
    curl https://download.aporeto.com/prismacloud/<your_appstack>/apoctl/windows/apoctl.msi -o apoctl.msi; ` if ($?) {. .\apoctl.msi /quiet} if ($?) {$env:PATH+="C:\Program Files\Apoctl;"}
  2. Open the
    Network Security
    section of the Prisma Cloud web interface.
  3. Navigate to the top-level namespace that you have access to.
    In the following example, we have access to the top-level namespace /803920923337065472.
  4. Click the lock icon in the bottom left corner, then click
    Copy to clipboard
    , as shown below.
  5. Paste the configuration command into your terminal and press ENTER.
    An example command follows, using https://api.app0.network.prismacloud.io as the URL of the Microsegmentation Console API and a Microsegmentation account.
    apoctl configure -A https://api.app0.network.prismacloud.io -n /803920923337065472 -t eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ...
  6. Authenticate at the prompt. It should return the following.
    apoctl profile 'default' successfully configured
  7. Issue the following commands to extract the URL of your Microsegmentation Console API, set it in a MICROSEG_API environment variable, and ensure that the environment variable persists across sessions.
    macOS/Linux
    export MICROSEG_API=$(apoctl auth verify | jq -r '.iss') echo "export MICROSEG_API=$MICROSEG_API" | tee -a ~/.bash_profile
    Windows
    $env:MICROSEG_API = (apoctl auth verify | jq -r '.iss') $env:MICROSEG_API = [System.Environment]::SetEnvironmentVariable('MICROSEG_API','User')
  8. Confirm that you can connect to the Microsegmentation Console API and that you trust its certificate.
    curl
    curl $MICROSEG_API
    wget
    wget $MICROSEG_API
  9. Issue the following command to confirm that you’re authenticated.
    apoctl auth verify
    It should return something like the following.
    { "data": { "commonName": "app:credential:6022d9eeeb15c100010d9290:jwellington@email.com-apoctl-default-credentials", "organization": "/803920923337065472", "realm": "certificate", "serialNumber": "96242056717083374710660459658200369221", "subject": "96242056717083374710660459658200369221" }, "exp": 1612903956, "iat": 1612896755, "iss": "api.app0.network.prismacloud.io", "realm": "Certificate", "restrictions": {}, "sub": "96242056717083374710660459658200369221" }
    Great job! You’ve installed and configured apoctl.

Recommended For You