Skip to content

tigrisdata/cli

BranchesTags

Repository files navigation

@tigrisdata/cli

Command line interface for Tigris object storage.

Installation

npm install -g @tigrisdata/cli

Usage

tigris <command> [flags]

Run tigris help to see all available commands, or tigris <command> help for details on a specific command.

Core Commands

  • tigris ls [path] - List all buckets (no arguments) or objects under a bucket/prefix path. Accepts bare names or t3:// URIs
  • tigris mk <path> - Create a bucket (bare name) or a folder inside a bucket (bucket/folder/ with trailing slash)
  • tigris touch <path> - Create an empty (zero-byte) object at the given bucket/key path
  • tigris cp <src> <dest> - Copy files between local filesystem and Tigris, or between paths within Tigris. At least one side must be a remote t3:// path
  • tigris mv <src> <dest> - Move (rename) objects within Tigris. Both source and destination must be remote t3:// paths
  • tigris rm <path> - Remove a bucket, folder, or object from Tigris. A bare bucket name deletes the bucket itself
  • tigris stat [path] - Show storage stats (no args), bucket info, or object metadata

Authentication

  • tigris login - Start a session via OAuth (default) or temporary credentials. Session state is cleared on logout
  • tigris logout - End the current session and clear login state. Credentials saved via 'configure' are kept
  • tigris whoami - Print the currently authenticated user, organization, and auth method
  • tigris configure - Save access-key credentials to ~/.tigris/config.json for persistent use across all commands

Resources

  • tigris organizations - List, create, and switch between organizations. An organization is a workspace that contains your resources like buckets and access keys
  • tigris access-keys - Create, list, inspect, delete, and assign roles to access keys. Access keys are credentials used for programmatic API access
  • tigris credentials - Test whether your current credentials can reach Tigris and optionally verify access to a specific bucket
  • tigris buckets - Create, inspect, update, and delete buckets. Buckets are top-level containers that hold objects
  • tigris forks - List and create forks. A fork is a writable copy-on-write clone of a bucket, useful for testing or branching data
  • tigris snapshots - List and take snapshots. A snapshot is a point-in-time, read-only copy of a bucket's state
  • tigris objects - Low-level object operations for listing, downloading, uploading, and deleting individual objects in a bucket
  • tigris iam - Identity and Access Management - manage policies, users, and permissions

Core Commands

ls | list

List all buckets (no arguments) or objects under a bucket/prefix path. Accepts bare names or t3:// URIs

tigris ls [path]

Examples:

tigris ls
tigris ls my-bucket
tigris ls my-bucket/images/
tigris ls t3://my-bucket/prefix/

mk | create

Create a bucket (bare name) or a folder inside a bucket (bucket/folder/ with trailing slash)

tigris mk <path> [flags]
Flag Description
-a, --access Access level (only applies when creating a bucket)
--public Shorthand for --access public (only applies when creating a bucket)
-s, --enable-snapshots Enable snapshots for the bucket (only applies when creating a bucket)
-t, --default-tier Default storage tier (only applies when creating a bucket)
-c, --consistency Consistency level (only applies when creating a bucket)
-r, --region Region (only applies when creating a bucket)

Examples:

tigris mk my-bucket
tigris mk my-bucket --access public --region iad
tigris mk my-bucket/images/
tigris mk t3://my-bucket

touch

Create an empty (zero-byte) object at the given bucket/key path

tigris touch <path>

Examples:

tigris touch my-bucket/placeholder.txt
tigris touch t3://my-bucket/logs/

cp | copy

Copy files between local filesystem and Tigris, or between paths within Tigris. At least one side must be a remote t3:// path

tigris cp <src> <dest> [flags]
Flag Description
-r, --recursive Copy directories recursively

Examples:

tigris cp ./file.txt t3://my-bucket/file.txt
tigris cp t3://my-bucket/file.txt ./local-copy.txt
tigris cp t3://my-bucket/src/ t3://my-bucket/dest/ -r
tigris cp ./images/ t3://my-bucket/images/ -r

mv | move

Move (rename) objects within Tigris. Both source and destination must be remote t3:// paths

tigris mv <src> <dest> [flags]
Flag Description
-r, --recursive Move directories recursively
-f, --force Skip confirmation prompt

Examples:

tigris mv t3://my-bucket/old.txt t3://my-bucket/new.txt -f
tigris mv t3://my-bucket/old-dir/ t3://my-bucket/new-dir/ -rf
tigris mv my-bucket/a.txt my-bucket/b.txt -f

rm | remove

Remove a bucket, folder, or object from Tigris. A bare bucket name deletes the bucket itself

tigris rm <path> [flags]
Flag Description
-r, --recursive Remove directories recursively
-f, --force Skip confirmation prompt

Examples:

tigris rm t3://my-bucket/file.txt -f
tigris rm t3://my-bucket/folder/ -rf
tigris rm t3://my-bucket -f
tigris rm "t3://my-bucket/logs/*.tmp" -f

stat

Show storage stats (no args), bucket info, or object metadata

tigris stat [path] [flags]
Flag Description
-f, --format Output format

Examples:

tigris stat
tigris stat t3://my-bucket
tigris stat t3://my-bucket/my-object.json

Authentication

login | l

Start a session via OAuth (default) or temporary credentials. Session state is cleared on logout

Command Description
login select Choose how to login - OAuth (browser) or credentials (access key)
login oauth (o) Login via browser using OAuth2 device flow. Best for interactive use
login credentials (c) Login with an access key and secret. Creates a temporary session that is cleared on logout

login select

tigris login select

login oauth

tigris login oauth

Examples:

tigris login oauth

login credentials

tigris login credentials [flags]
Flag Description
-key, --access-key Your access key ID (will prompt if not provided)
-secret, --access-secret Your secret access key (will prompt if not provided)

Examples:

tigris login credentials --access-key tid_AaBb --access-secret tsec_XxYy
tigris login credentials

logout

End the current session and clear login state. Credentials saved via 'configure' are kept

tigris logout

Examples:

tigris logout

whoami | w

Print the currently authenticated user, organization, and auth method

tigris whoami

Examples:

tigris whoami

configure | c

Save access-key credentials to ~/.tigris/config.json for persistent use across all commands

tigris configure [flags]
Flag Description
-key, --access-key Your Tigris access key ID
-secret, --access-secret Your Tigris secret access key
-e, --endpoint Tigris API endpoint (default: https://t3.storage.dev)

Examples:

tigris configure --access-key tid_AaBb --access-secret tsec_XxYy
tigris configure --endpoint https://custom.endpoint.dev

Resources

organizations | orgs

List, create, and switch between organizations. An organization is a workspace that contains your resources like buckets and access keys

Command Description
organizations list (l) List all organizations you belong to and interactively select one as active
organizations create (c) Create a new organization with the given name
organizations select (s) Set the named organization as your active org for all subsequent commands

organizations list

tigris organizations list [flags]
Flag Description
-f, --format Output format (default: select)
-i, --select Interactive selection mode

Examples:

tigris orgs list
tigris orgs list --format json

organizations create

tigris organizations create <name>

Examples:

tigris orgs create my-org

organizations select

tigris organizations select <name>

Examples:

tigris orgs select my-org

access-keys | keys

Create, list, inspect, delete, and assign roles to access keys. Access keys are credentials used for programmatic API access

Command Description
access-keys list (l) List all access keys in the current organization
access-keys create (c) Create a new access key with the given name. Returns the key ID and secret (shown only once)
access-keys delete (d) Permanently delete an access key by its ID. This revokes all access immediately
access-keys get (g) Show details for an access key including its name, creation date, and assigned bucket roles
access-keys assign (a) Assign per-bucket roles to an access key. Pair each --bucket with a --role (Editor or ReadOnly), or use --admin for org-wide access

access-keys list

tigris access-keys list

Examples:

tigris access-keys list

access-keys create

tigris access-keys create <name>

Examples:

tigris access-keys create my-ci-key

access-keys delete

tigris access-keys delete <id>

Examples:

tigris access-keys delete tid_AaBbCcDdEeFf

access-keys get

tigris access-keys get <id>

Examples:

tigris access-keys get tid_AaBbCcDdEeFf

access-keys assign

tigris access-keys assign <id> [flags]
Flag Description
-b, --bucket Bucket name (can specify multiple, comma-separated). Each bucket is paired positionally with a --role value
-r, --role Role to assign (can specify multiple, comma-separated). Each role pairs with the corresponding --bucket value
--admin Grant admin access to all buckets in the organization
--revoke-roles Revoke all bucket roles from the access key

Examples:

tigris access-keys assign tid_AaBb --bucket my-bucket --role Editor
tigris access-keys assign tid_AaBb --bucket a,b --role Editor,ReadOnly
tigris access-keys assign tid_AaBb --admin
tigris access-keys assign tid_AaBb --revoke-roles

credentials | creds

Test whether your current credentials can reach Tigris and optionally verify access to a specific bucket

Command Description
credentials test (t) Verify that current credentials are valid. Optionally checks access to a specific bucket

credentials test

tigris credentials test [flags]
Flag Description
-b, --bucket Bucket name to test access against (optional)

Examples:

tigris credentials test
tigris credentials test --bucket my-bucket

Buckets

Buckets are containers for objects. You can also create forks and snapshots of buckets.

buckets | b

Create, inspect, update, and delete buckets. Buckets are top-level containers that hold objects

Command Description
buckets list (l) List all buckets in the current organization
buckets create (c) Create a new bucket with optional access, tier, consistency, and region settings
buckets get (g) Show details for a bucket including access level, region, tier, and custom domain
buckets delete (d) Delete one or more buckets by name. The bucket must be empty or delete-protection must be off
buckets set (s) Update settings on an existing bucket such as access level, region, caching, or custom domain
buckets list
tigris buckets list [flags]
Flag Description
-f, --format Output format (default: table)

Examples:

tigris buckets list
tigris buckets list --format json
buckets create
tigris buckets create [name] [flags]
Flag Description
-a, --access Access level (default: private)
--public Shorthand for --access public
-s, --enable-snapshots Enable snapshots for the bucket (default: false)
-t, --default-tier Choose the default tier for the bucket (default: STANDARD)
-c, --consistency Choose the consistency level for the bucket (default: default)
-r, --region Region (default: global)

Examples:

tigris buckets create my-bucket
tigris buckets create my-bucket --access public --region iad
tigris buckets create my-bucket --enable-snapshots --default-tier STANDARD_IA
buckets get
tigris buckets get <name>

Examples:

tigris buckets get my-bucket
buckets delete
tigris buckets delete <name>

Examples:

tigris buckets delete my-bucket
tigris buckets delete bucket-a,bucket-b
buckets set
tigris buckets set <name> [flags]
Flag Description
--access Bucket access level
--region Allowed regions (can specify multiple)
--allow-object-acl Enable object-level ACL
--disable-directory-listing Disable directory listing
--cache-control Default cache-control header value
--custom-domain Custom domain for the bucket
--enable-delete-protection Enable delete protection

Examples:

tigris buckets set my-bucket --access public
tigris buckets set my-bucket --region iad,fra --cache-control 'max-age=3600'
tigris buckets set my-bucket --custom-domain assets.example.com

forks | f

List and create forks. A fork is a writable copy-on-write clone of a bucket, useful for testing or branching data

Command Description
forks list (l) List all forks created from the given source bucket
forks create (c) Create a new fork (copy-on-write clone) of the source bucket. Optionally fork from a specific snapshot
forks list
tigris forks list <name> [flags]
Flag Description
-f, --format Output format (default: table)

Examples:

tigris forks list my-bucket
tigris forks list my-bucket --format json
forks create
tigris forks create <name> <fork-name> [flags]
Flag Description
-s, --snapshot Create fork from a specific snapshot

Examples:

tigris forks create my-bucket my-fork
tigris forks create my-bucket my-fork --snapshot snap-2025-01-01

snapshots | s

List and take snapshots. A snapshot is a point-in-time, read-only copy of a bucket's state

Command Description
snapshots list (l) List all snapshots for the given bucket, ordered by creation time
snapshots take (t) Take a new snapshot of the bucket's current state. Optionally provide a name for the snapshot
snapshots list
tigris snapshots list <name> [flags]
Flag Description
-f, --format Output format (default: table)

Examples:

tigris snapshots list my-bucket
tigris snapshots list my-bucket --format json
snapshots take
tigris snapshots take <name> [snapshot-name]

Examples:

tigris snapshots take my-bucket
tigris snapshots take my-bucket my-snapshot

objects | o

Low-level object operations for listing, downloading, uploading, and deleting individual objects in a bucket

Command Description
objects list (l) List objects in a bucket, optionally filtered by a key prefix
objects get (g) Download an object by key. Prints to stdout by default, or saves to a file with --output
objects put (p) Upload a local file as an object. Content-type is auto-detected from extension unless overridden
objects delete (d) Delete one or more objects by key from the given bucket
objects set (s) Update settings on an existing object such as access level

objects list

tigris objects list <bucket> [flags]
Flag Description
-p, --prefix Filter objects by key prefix (e.g. "images/" to list only images)
-f, --format Output format (default: table)

Examples:

tigris objects list my-bucket
tigris objects list my-bucket --prefix images/
tigris objects list my-bucket --format json

objects get

tigris objects get <bucket> <key> [flags]
Flag Description
-o, --output Output file path (if not specified, prints to stdout)
-m, --mode Response mode: "string" loads into memory, "stream" writes in chunks (auto-detected from extension if not specified)

Examples:

tigris objects get my-bucket config.json
tigris objects get my-bucket archive.zip --output ./archive.zip --mode stream

objects put

tigris objects put <bucket> <key> [file] [flags]
Flag Description
-a, --access Access level (default: private)
-t, --content-type Content type (auto-detected from extension if omitted)
-f, --format Output format (default: table)

Examples:

tigris objects put my-bucket report.pdf ./report.pdf
tigris objects put my-bucket logo.png ./logo.png --access public --content-type image/png

objects delete

tigris objects delete <bucket> <key>

Examples:

tigris objects delete my-bucket old-file.txt
tigris objects delete my-bucket file-a.txt,file-b.txt

objects set

tigris objects set <bucket> <key> [flags]
Flag Description
-a, --access Access level
-n, --new-key Rename the object to a new key

Examples:

tigris objects set my-bucket my-file.txt --access public
tigris objects set my-bucket my-file.txt --access private

iam

Identity and Access Management - manage policies, users, and permissions

Command Description
iam policies (p) Manage IAM policies. Policies define permissions for access keys
iam users (u) Manage organization users and invitations

iam policies | p

Manage IAM policies. Policies define permissions for access keys

Command Description
iam policies list (l) List all policies in the current organization
iam policies get (g) Show details for a policy including its document and attached users. If no ARN provided, shows interactive selection
iam policies create (c) Create a new policy with the given name and policy document. Document can be provided via file, inline JSON, or stdin
iam policies edit (e) Update an existing policy's document. Document can be provided via file, inline JSON, or stdin. If no ARN provided, shows interactive selection
iam policies delete (d) Delete a policy. If no ARN provided, shows interactive selection
iam policies list
tigris iam policies list [flags]
Flag Description
-f, --format Output format (default: table)

Examples:

tigris iam policies list
iam policies get
tigris iam policies get [resource] [flags]
Flag Description
-f, --format Output format (default: table)

Examples:

tigris iam policies get
tigris iam policies get arn:aws:iam::org_id:policy/my-policy
iam policies create
tigris iam policies create <name> [flags]
Flag Description
-d, --document Policy document (JSON file path or inline JSON). If omitted, reads from stdin
--description Policy description

Examples:

tigris iam policies create my-policy --document policy.json
tigris iam policies create my-policy --document '{"Version":"2012-10-17","Statement":[...]}'
cat policy.json | tigris iam policies create my-policy
iam policies edit
tigris iam policies edit [resource] [flags]
Flag Description
-d, --document New policy document (JSON file path or inline JSON). If omitted, reads from stdin
--description Update policy description

Examples:

tigris iam policies edit --document policy.json
tigris iam policies edit arn:aws:iam::org_id:policy/my-policy --document policy.json
cat policy.json | tigris iam policies edit arn:aws:iam::org_id:policy/my-policy
iam policies delete
tigris iam policies delete [resource]

Examples:

tigris iam policies delete
tigris iam policies delete arn:aws:iam::org_id:policy/my-policy

iam users | u

Manage organization users and invitations

Command Description
iam users list (l) List all users and pending invitations in the organization
iam users invite (i) Invite users to the organization by email
iam users revoke-invitation (ri) Revoke pending invitations. If no invitation ID provided, shows interactive selection
iam users update-role (ur) Update user roles in the organization. If no user ID provided, shows interactive selection
iam users remove (rm) Remove users from the organization. If no user ID provided, shows interactive selection
iam users list
tigris iam users list [flags]
Flag Description
-f, --format Output format (default: table)

Examples:

tigris iam users list
tigris iam users list --format json
iam users invite
tigris iam users invite <email> [flags]
Flag Description
-r, --role Role to assign to the invited user(s) (default: member)

Examples:

tigris iam users invite user@example.com
tigris iam users invite user@example.com --role admin
tigris iam users invite user1@example.com,user2@example.com
iam users revoke-invitation
tigris iam users revoke-invitation [resource]

Examples:

tigris iam users revoke-invitation
tigris iam users revoke-invitation invitation_id
tigris iam users revoke-invitation id1,id2,id3
iam users update-role
tigris iam users update-role [resource] [flags]
Flag Description
-r, --role Role(s) to assign (comma-separated). Each role pairs with the corresponding user ID. If one role is given, it applies to all users

Examples:

tigris iam users update-role --role admin
tigris iam users update-role user_id --role member
tigris iam users update-role id1,id2 --role admin
tigris iam users update-role id1,id2 --role admin,member
iam users remove
tigris iam users remove [resource]

Examples:

tigris iam users remove
tigris iam users remove user@example.com
tigris iam users remove user@example.com,user@example.net

License

MIT

About

CLI tool for Tigris

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

5 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases 16

v2.10.1 Latest
Feb 23, 2026
+ 15 releases

Packages

No packages published

Languages