chainctl
Record and verify build provenance
TLDR
Authenticate to the Chainguard Platform
Logout from the Chainguard Platform
Check which version you have installed
Update to the latest version
List images available to your account
List image repositories available to your account
Examine the history of an image tag in chainctl (e.g., image=python tag=3)
List package version data from repositories available to your account (e.g., package_name=go)
SYNOPSIS
chainctl [command] [flags]
chainctl [command] [subcommand] [flags]
Common top-level commands include:
chainctl auth - Manage authentication and contexts
chainctl project - Manage Chainloop projects
chainctl build - Manage build runs and attestations
chainctl artifact - View and manage artifacts
chainctl attestation - Verify attestations
chainctl context - Manage Chainloop environments
PARAMETERS
--help, -h
Shows help message for the command or subcommand.
--version
Prints the chainctl version information.
--output <format>
Specifies the output format (e.g., table, json). Defaults to table.
--context <name>
Selects the named Chainloop context to use for the command, managing connections to different Chainloop instances.
--debug
Enables debug logging for more detailed output.
--log-level <level>
Sets the logging verbosity (e.g., info, warn, error).
--dry-run
Performs a trial run without making actual changes (available for certain commands).
--file <path>
Specifies a file path for input data (common for create/update operations).
DESCRIPTION
chainctl is the official command-line interface (CLI) for Chainloop, a platform designed to ensure the integrity, provenance, and tamper-resistance of software artifacts throughout the supply chain. It acts as the primary tool for interacting with Chainloop services, allowing users to manage various aspects of their software delivery.
The Chainloop platform focuses on generating cryptographically signed attestations that capture critical metadata about build processes, software components (SBOMs), and security compliance (SLSA). chainctl facilitates the publishing of these artifacts and their associated attestations, as well as the verification of their authenticity and integrity against defined policies.
Typical use cases include authenticating with Chainloop, managing projects, defining build workflows, publishing software artifacts along with their provenance data, and later verifying these artifacts to ensure they originated from trusted sources and have not been tampered with. It plays a crucial role in implementing supply chain security best practices, enabling compliance with industry standards, and fostering trust in delivered software.
CAVEATS
chainctl is a client-side tool that requires an active Chainloop deployment (either cloud-managed or self-hosted) to function. It cannot operate in a standalone manner without connecting to a Chainloop service. Users must also authenticate to the Chainloop platform using chainctl auth login before performing most operations. Familiarity with software supply chain security concepts such as SBOMs (Software Bill of Materials), SLSA (Supply-chain Levels for Software Artifacts), and cryptographic attestations is beneficial for effective use.
CONTEXT MANAGEMENT
Similar to kubectl for Kubernetes, chainctl utilizes contexts to manage connections to different Chainloop environments (e.g., development, staging, production, or different cloud tenants/instances). This allows users to easily switch between configured Chainloop endpoints using commands like chainctl context use, making it convenient to operate across multiple deployments without reconfiguring credentials for each interaction.
INTEGRATION WITH CI/CD PIPELINES
chainctl is designed for seamless integration into Continuous Integration/Continuous Delivery (CI/CD) pipelines. Commands such as chainctl build start, chainctl build attest, and chainctl build complete facilitate the automated capture of build-time metadata and artifact provenance. This ensures that every release is securely attested, providing cryptographic proof of its origin and build process, thereby enabling end-to-end verifiability within automated workflows.
HISTORY
The chainctl command-line tool has been the primary interface for the Chainloop platform since its inception. Developed by the Chainloop team, its evolution is closely tied to the growing demand for robust software supply chain security. It aims to simplify the adoption of best practices, such as generating SLSA-compatible provenance and managing SBOMs, by providing a unified and automated way to interact with the Chainloop integrity service. Its development continues to align with emerging supply chain security standards and community feedback, with regular updates enhancing functionality and security features.