Native CLI Client

Use onepam ssh, onepam psql, and onepam mysql from your terminal. The CLI authenticates via OAuth2 Device Code Flow with full audit trail.

Start Free Trial See All Features
What You Get

Secure Access From Your Terminal

OAuth2 Device Code Flow for terminal-based authentication
Use onepam psql, onepam mysql, and other database subcommands from your terminal
Token caching in ~/.onepam/ for session persistence
Resource listing with type, status, and host information
Automatic token refresh and expiration management
Works with all plans — Solo through Enterprise
Lightweight single binary with zero dependencies
Config management for multi-environment setups
Compatible with CI/CD pipelines and automation scripts
CLI Workflow

Device Code Authentication

Terminal onepam auth login Opening browser for authentication... Device code: XKCD-4829 ✓ Authenticated as dev@acme.com Token cached in ~/.onepam/token.json onepam resources list NAME TYPE STATUS prod-web-01 ssh online prod-postgresql postgresql online staging-mysql mysql online internal-grafana web online onepam psql prod-postgresql Connecting via gateway gw-eu-west-1... ✓ Session s-a3e9f1 started (recording enabled) psql (15.4) prod=> SELECT count(*) FROM users;
Deploy in Under 5 Minutes

Three Steps to Secure Access

1. Sign Up With SSO

Connect your identity provider — Okta, Azure AD, Google Workspace, or any SAML/OIDC provider. Your team logs in with existing credentials.

2. Add Your Resources

Register servers, databases, Kubernetes clusters, and web apps. Define who can access what with role-based policies.

3. Access Securely

Your team accesses resources through the browser — identity-verified, session-recorded, and audit-logged. No VPN, no exposed ports.

Goes Well With

Related Capabilities

SSH Access Management

Stop exposing SSH ports and sharing keys. OnePAM provides identity-verified browser SSH with session recording, keystroke logging, and automatic key rotation.

Secure RDP Access Management

Shared admin accounts and exposed RDP ports are the #1 Windows attack vector. OnePAM replaces them with identity-verified RDP and session recording.

VNC Remote Desktop Access

VNC ports on the internet are a breach waiting to happen. OnePAM provides browser-based VNC with SSO, MFA, and session recording.

Try Native CLI Client — Free for 14 Days

From signup to your first secure session in under 5 minutes. No infrastructure changes, no credit card, no sales call.

Start Free — Deploy in 5 Minutes