Ziti cli user question

Every time I need to use ziti cli, I would have to do “ziti edge login …” with username and password. And after successful login I see a file, ${ZITI_HOME}/ziti-cli.json, with the following content:

{
    "edgeIdentities": {
        "default": {
            "url": "https://${ZITI_CTRL_ADVERTISED_ADDRESS}/edge/management/v1",
            "username": "xxxx",
            "token": "xxxx-xxx-xxx-xxxx",
            "loginTime": "2022-08-22T19:52:07-07:00",
            "caCert": "${INTERNAL_CA}",
            "readOnly": false
        }
    },
    "fabricIdentities": {},
    "default": "default"
}

I have registered my internal CA with the controller and successfully verified it. I am able to enroll identities with x509 certificates provided by my CA.

My question is: say I have an x509 certificate for myself from my CA (with CN=myname), how can I use that to enroll myself as an identity (assuming it will be of type user) with openziti?
And how can I use that identity to be able to run ziti cli commands without having to do ziti edge login periodically? I.e., I would like to not use the default admin user but my x509 identity as the admin.

cc: @TheLumberjack

TIA

Dunno why I didn’t go look for issues - but tonight it struck me that I should. I found this issue tracking the request: "Allow Edge Rest API Cert Login" (Issue #127, openziti/ziti on GitHub)