flarectl
Manage Cloudflare resources from the command line
TLDR
Block a specific IP
Add a DNS record
List all Cloudflare IPv4/IPv6 ranges
Create many new Cloudflare zones automatically with names from domains.txt
List all firewall rules
SYNOPSIS
flarectl [global-options] <command> [subcommand] [command-options] [arguments]
Examples:
List DNS records for a zone:
flarectl dns list --zone example.com
Create a new DNS A record:
flarectl dns create --zone example.com --type A --name www --content 192.0.2.1
List all zones:
flarectl zone list
PARAMETERS
--api-key <key>
Specifies the Cloudflare API key to use for authentication. This can also be set via the CLOUDFLARE_API_KEY environment variable or configuration file.
--api-email <email>
Specifies the Cloudflare API email associated with the key. Used in conjunction with --api-key. Can also be set via CLOUDFLARE_API_EMAIL or configuration.
--api-token <token>
Specifies the Cloudflare API token. This is the recommended and more granular authentication method. Can also be set via CLOUDFLARE_API_TOKEN or configuration.
--account-id <id>
Specifies the Cloudflare Account ID. Required for some API calls, especially when using API Tokens. Can also be set via CLOUDFLARE_ACCOUNT_ID or configuration.
--config <path>
Specifies the path to a custom configuration file. Defaults to ~/.cloudflare/cloudflare.yaml.
--profile <name>
Uses a named profile from the configuration file, allowing for easy switching between different sets of credentials or settings.
--json
Outputs the command's result in JSON format, useful for scripting and programmatic parsing.
--debug
Enables verbose debug output, showing API requests and responses, useful for troubleshooting.
--version, -v
Displays the flarectl version information.
--help, -h
Shows help message for the command or subcommand.
DESCRIPTION
flarectl is the official command-line interface (CLI) for interacting with Cloudflare's services. It provides a powerful and convenient way to manage Cloudflare resources such as DNS records, zones, Workers, Firewall rules, and more, directly from the terminal. As an abstraction layer over the Cloudflare API, flarectl enables users to automate routine tasks, script complex interactions, and perform administrative operations without the need for direct HTTP requests. Built upon Cloudflare's Go SDK, it's an indispensable tool for DevOps, automation engineers, and system administrators working with Cloudflare's ecosystem. It supports various authentication methods and allows for output formatting, making it versatile for both interactive use and scripting.
CAVEATS
flarectl relies entirely on the Cloudflare API; therefore, users must have valid API credentials (Token or Email/Key pair) with appropriate permissions for the operations they wish to perform. API rate limits and potential changes in the Cloudflare API can affect its behavior. For sensitive operations, it's recommended to use API Tokens with the principle of least privilege. Managing credentials via environment variables or a configuration file is generally safer than specifying them directly on the command line.
CONFIGURATION AND AUTHENTICATION
flarectl supports multiple ways to provide credentials, including environment variables (e.g., CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID) and a configuration file, typically located at ~/.cloudflare/cloudflare.yaml. The configuration file allows for defining multiple named profiles, making it easy to switch between different Cloudflare accounts or API tokens without repeatedly entering credentials.
HIERARCHICAL COMMAND STRUCTURE
flarectl employs a hierarchical command structure, where services are organized into top-level commands (e.g., zone, dns, worker, security, access). Each of these commands then has its own set of subcommands (e.g., dns list, dns create, zone update), and further specific options, providing granular control over Cloudflare's extensive features. This structure makes the CLI intuitive and organized for managing diverse Cloudflare resources.
HISTORY
flarectl is an integral part of the cloudflare-go project, Cloudflare's official Go client library for interacting with their API. Its development began around 2017 as a command-line utility within this SDK, designed to offer a user-friendly interface to Cloudflare's growing suite of services. It has continuously evolved, incorporating new API functionalities and improving usability, largely maintained by Cloudflare engineers and contributed to by the open-source community, reflecting Cloudflare's commitment to developer tools and automation.