Logto CLI
Logto CLI provide a convenient way to install, maintain, and update your Logto instance without handling those boring tech stuff manually.
Currently we don't ship binaries, thus Node.js ^18.12.0 is required in the environment.
Install CLI globally
Install via your preferred package manager to use logto command globally:
- npm
- Yarn
- pnpm
npm i @logto/cli -g
yarn global add @logto/cli
pnpm add -g @logto/cli
You can always append --help to show the help info of each command:
logto --help
logto db seed --help
Local CLI
A built-in version of CLI is shipped with every Logto release since v1.0.0-beta.11. Say you already have a Logto instance in ~/logto, then you can run the commands below:
cd ~/logto
npm run cli # Invoke the local CLI
Note if you want to execute with options, you need to prepend a -- BEFORE the options for Logto CLI, e.g.:
npm run cli db seed -- --db-url postgresql://your-database-url
Use CLI by npx
Another way to use Logto CLI is npx, which can execute a package without installation.
npx @logto/cli
This will be helpful for one-off invocations, e.g.:
npx @logto/cli db seed --db-url postgresql://your-database-url
Seed for air-gapped or offline deployments
Since Logto v1.40.0, both the init (install) and db seed commands accept an extra flag for environments that cannot reach the public internet during installation:
--disable-admin-pwned-password-check, --dapc
When set, the seeded password policy on the admin tenant disables the Have I Been Pwned (HIBP) breach check by default. This means creating the initial admin from the Welcome page no longer hangs when api.pwnedpasswords.com is unreachable (for example in air-gapped data centers or behind strict egress firewalls).
The flag is scoped to the admin tenant only. The default tenant's password policy is left untouched, and stays under your control through Admin Console > Sign-in experience > Password policy after the first admin signs in.
One-step install (recommended for fresh OSS deployments):
- CLI
- npm
- npx
logto init --disable-admin-pwned-password-check
npm init @logto@latest -- --disable-admin-pwned-password-check
npx @logto/cli init --disable-admin-pwned-password-check
Seed an existing database (when Logto is already extracted, or when re-seeding):
- CLI
- npm
- npx
logto db seed --disable-admin-pwned-password-check
npm run cli db seed -- --disable-admin-pwned-password-check
npx @logto/cli db seed --disable-admin-pwned-password-check
--dapc and --disable-admin-pwned-password-check are aliases; either one works.