*nix shell commands

Command syntax

Bolt shell commands follow a noun-verb convention.

To view a full list of available commands, use the bolt help command:

bolt help

Commands

These subcommands, actions, and options are available for Bolt.

apply

Apply Puppet manifest code on the specified targets.

Documentation For documentation see http://pup.pt/bolt-apply.

Usage

bolt apply [manifest] {--targets TARGETS | --query QUERY | --rerun FILTER}
      [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--noop See what changes Bolt will make without actually executing the changes.
-e, --execute CODE Puppet manifest code to apply to the targets.
--compile-concurrency CONCURRENCY Maximum number of simultaneous manifest block compiles (default: number of cores).
--hiera-config PATH Specify where to load Hiera config from (default: <project>/hiera.yaml).

command run

Run a command on the specified targets.

Documentation For documentation see http://pup.pt/bolt-commands.

Usage

bolt command run <command> {--targets TARGETS | --query QUERY | --rerun FILTER}
      [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--env-var ENVIRONMENT_VARIABLES Environment variables to set on the target.

file download

Download a file or directory from one or more targets.

Downloaded files and directories are saved to the a subdirectory matching the target's name under the destination directory. The destination directory is expanded relative to the downloads subdirectory of the project directory.

Documentation For documentation see http://pup.pt/bolt-commands.

Usage

bolt file download <source> <destination> {--targets TARGETS | --query QUERY | --rerun FILTER}
      [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.

file upload

Upload a local file or directory.

Documentation For documentation see http://pup.pt/bolt-commands.

Usage

bolt file upload <source> <destination> {--targets TARGETS | --query QUERY | --rerun FILTER}
      [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--tmpdir DIR The directory to upload and execute temporary files on the target.

group show

Show the list of groups in the inventory.

Documentation To learn more about the inventory run 'bolt guide inventory'.

Usage

bolt group show [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
--format FORMAT Output format to use: human, json, or rainbow.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).

guide

View guides for Bolt's concepts and features.

Omitting a topic will display a list of available guides, while providing a topic will display the relevant guide.

Usage

bolt guide [topic] [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--format FORMAT Output format to use: human, json, or rainbow.

inventory show

Show the list of targets an action would run on. This command will list all targets in the project's inventory by default.

To filter the targets in the list, use the --targets, --query, or --rerun options. To view detailed configuration and data for targets, use the --detail option. To learn more about the inventory run 'bolt guide inventory'.

Documentation To learn more about the inventory run 'bolt guide inventory'.

Usage

bolt inventory show [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
--format FORMAT Output format to use: human, json, or rainbow.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--detail Show resolved configuration for the targets.

lookup

Look up a value with Hiera.

Documentation Learn more about using Hiera with Bolt at https://pup.pt/bolt-hiera.

Usage

bolt lookup <key> {--targets TARGETS | --query QUERY | --rerun FILTER | --plan-hierarchy}
      [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--hiera-config PATH Specify where to load Hiera config from (default: <project>/hiera.yaml).
--plan-hierarchy Look up a value with Hiera in the context of a specific plan.

module add

Add a module to the project.

Module declarations are loaded from the project's configuration file. Bolt will automatically resolve all module dependencies, generate a Puppetfile, and install the modules.

Documentation To learn more about Bolt modules, run 'bolt guide module'.

Usage

bolt module add <module> [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).

module generate-types

Generate type references to register in plans. To learn more about Bolt modules, run 'bolt guide module'.

Documentation To learn more about Bolt modules, run 'bolt guide module'.

Usage

bolt module generate-types [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

module install

Install the project's modules.

Module declarations are loaded from the project's configuration file. Bolt will automatically resolve all module dependencies, generate a Puppetfile, and install the modules.

Documentation To learn more about Bolt modules, run 'bolt guide module'.

Usage

bolt module install [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
--force Force a destructive action.
--[no-]resolve Use --no-resolve to install modules listed in the Puppetfile without resolving modules configured

in Bolt project configuration.

module show

List modules available to the Bolt project.

Providing the name of a module will display detailed documentation for the module.

Documentation To learn more about Bolt modules, run 'bolt guide module'.

Usage

bolt module show [module name] [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

plan convert

Convert a YAML plan to a Puppet language plan and print the converted plan to stdout.

Converting a YAML plan might result in a plan that is syntactically correct but has different behavior. Always verify a converted plan's functionality. Note that the converted plan is not written to a file.

Documentation Learn more about Bolt plans at https://pup.pt/bolt-plans.

Usage

bolt plan convert <plan name> [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

plan new

Create a new plan in the current project.

Documentation Learn more about Bolt plans at https://pup.pt/bolt-plans.

Usage

bolt plan new <plan name> [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
--pp Create a new Puppet language plan.

plan run

Run a plan on the specified targets.

Documentation Learn more about Bolt plans at https://pup.pt/bolt-plans.

Usage

bolt plan run <plan name> [parameters] [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--params PARAMETERS Parameters to a task or plan as json, a json file '@<file>', or on stdin '-'.
--compile-concurrency CONCURRENCY Maximum number of simultaneous manifest block compiles (default: number of cores).
--tmpdir DIR The directory to upload and execute temporary files on the target.
--hiera-config PATH Specify where to load Hiera config from (default: <project>/hiera.yaml).

plan show

Show available plans and plan documentation.

Omitting the name of a plan will display a list of plans available in the Bolt project.

Providing the name of a plan will display detailed documentation for the plan, including a list of available parameters.

Documentation Learn more about Bolt plans at https://pup.pt/bolt-plans.

Usage

bolt plan show [plan name] [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--filter FILTER Filter tasks and plans by a matching substring.
--format FORMAT Output format to use: human, json, or rainbow.

plugin show

Show available plugins.

Documentation Learn more about Bolt plugins at https://pup.pt/bolt-plugins.

Usage

bolt plugin show [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--[no-]color Whether to show output in color.
--format FORMAT Output format to use: human, json, or rainbow.
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).

policy apply

Apply a policy to the specified targets.

Usage

bolt policy apply <policy> [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--compile-concurrency CONCURRENCY Maximum number of simultaneous manifest block compiles (default: number of cores).
--hiera-config PATH Specify where to load Hiera config from (default: <project>/hiera.yaml).
--noop See what changes Bolt will make without actually executing the changes.

policy new

Create a new policy in the current project.

Usage

bolt policy new <policy> [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).

policy show

Show available policies.

Usage

bolt policy show [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).

project init

Create a new Bolt project in the current working directory.

Specify a name for the Bolt project. Defaults to the basename of the current working directory.

Documentation To learn more about Bolt projects, run 'bolt guide project'.

Usage

bolt project init [name] [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--modules MODULES A comma-separated list of modules to install from the Puppet Forge

when initializing a project. Resolves and installs all dependencies.

project migrate

Migrate a Bolt project to use current best practices and the latest version of configuration files.

Documentation To learn more about Bolt projects, run 'bolt guide project'.

Usage

bolt project migrate [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).

script run

Run a script on the specified targets.

Arguments passed to a script are passed literally and are not interpolated by the shell. Any arguments containing spaces or special characters should be quoted.

Documentation Learn more about running scripts at https://pup.pt/bolt-commands.

Usage

bolt script run <script> [arguments] {--targets TARGETS | --query QUERY | --rerun FILTER}
      [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--tmpdir DIR The directory to upload and execute temporary files on the target.
--env-var ENVIRONMENT_VARIABLES Environment variables to set on the target.

secret createkeys

Create new encryption keys.

Documentation Learn more about secrets plugins at http://pup.pt/bolt-plugins.

Usage

bolt secret createkeys [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--plugin PLUGIN Select the plugin to use.
--force Force a destructive action.

secret decrypt

Decrypt a value.

Documentation Learn more about secrets plugins at http://pup.pt/bolt-plugins.

Usage

bolt secret decrypt <ciphertext> [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--plugin PLUGIN Select the plugin to use.

secret encrypt

Encrypt a value.

Documentation Learn more about secrets plugins at http://pup.pt/bolt-plugins.

Usage

bolt secret encrypt <plaintext> [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--plugin PLUGIN Select the plugin to use.

task run

Run a task on the specified targets.

Parameters take the form parameter=value.

Documentation Learn more about Bolt tasks at http://pup.pt/bolt-tasks.

Usage

bolt task run <task name> [parameters] {--targets TARGETS | --query QUERY | --rerun FILTER}
      [options]
Option Description
-t, --targets TARGETS Identifies the targets of the command.

For more information, see 'bolt guide targets'.

-q, --query QUERY Query PuppetDB to determine the targets.
--rerun FILTER Retry on targets from the last run.

Available filters are 'all', 'failure', and 'success'.

-u, --user USER User to authenticate as.
-p, --password PASSWORD Password to authenticate with.
--password-prompt Prompt for user to input password.
--private-key KEY Path to private ssh key to authenticate with.
--[no-]host-key-check Check host keys with SSH.
--[no-]ssl Use SSL with WinRM.
--[no-]ssl-verify Verify remote host SSL certificate with WinRM.
--run-as USER User to run as using privilege escalation.
--sudo-password PASSWORD Password for privilege escalation.
--sudo-password-prompt Prompt for user to input escalation password.
--sudo-executable EXEC Experimental. Specify an executable for running as another user.
-c, --concurrency CONCURRENCY Maximum number of simultaneous connections.
-i, --inventoryfile PATH Specify where to load inventory from (default: <project>/inventory.yaml).
--[no-]save-rerun Whether to update the rerun file after this command.
--[no-]cleanup Whether to clean up temporary files created on targets.
--puppetdb INSTANCE The named PuppetDB instance to connect to by default.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--transport TRANSPORT Specify a default transport: docker, jail, local, lxd, pcp, podman, remote, ssh, winrm.

For more information, see 'bolt guide transports'.

--connect-timeout TIMEOUT Connection timeout in seconds (defaults vary).
--[no-]tty Request a pseudo TTY on targets that support it.
--[no-]native-ssh Experimental. Whether to shell out to native SSH or use the net-ssh Ruby library.
--ssh-command EXEC Experimental. Executable to use instead of the net-ssh Ruby library.
--copy-command EXEC Experimental. Command to copy files to remote hosts if using native SSH.
--format FORMAT Output format to use: human, json, or rainbow.
--[no-]color Whether to show output in color.
-v, --[no-]verbose Display verbose logging.
--trace Display error stack traces.
--stream Stream output from scripts and commands to the console.

Run with --no-verbose to prevent Bolt from displaying output

a second time after the action is completed.

-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--params PARAMETERS Parameters to a task or plan as json, a json file '@<file>', or on stdin '-'.
--tmpdir DIR The directory to upload and execute temporary files on the target.
--noop See what changes Bolt will make without actually executing the changes.

task show

Show available tasks and task documentation.

Omitting the name of a task will display a list of tasks available in the Bolt project.

Providing the name of a task will display detailed documentation for the task, including a list of available parameters.

Documentation Learn more about Bolt tasks at http://pup.pt/bolt-tasks.

Usage

bolt task show [task name] [options]
Option Description
-h, --help Display help.
--version Display the version.
--log-level LEVEL Set the log level for the console. Available options are

trace, debug, info, warn, error, fatal.

--clear-cache Clear plugin, plan, and task caches before executing.
--project PATH Path to load the Bolt project from (default: autodiscovered from current dir).
-m, --modulepath MODULES List of directories containing modules, separated by ':'

Directories are case-sensitive.

--filter FILTER Filter tasks and plans by a matching substring.
--format FORMAT Output format to use: human, json, or rainbow.