Skip to content

sgaunet/jwt-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

94 Commits
.github
.github
 
 
cmd
cmd
 
 
doc
doc
 
 
pkg/cryptojwt
pkg/cryptojwt
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
.goreleaser.yml
.goreleaser.yml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Taskfile.yml
Taskfile.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Go Report Card GitHub release GitHub Downloads Coverage Linter Coverage Release GoDoc License

jwt-cli

jwt-cli is a utility to encode/decode JWT token.

Tool to encode/decode JWT token

Usage:
  jwt-cli [command]

Available Commands:
  decode      decode JWT token
  encode      encode JWT token
  genkeys     print commands example to generate keys for ES256, ES384, ES512, RS256, RS384, RS512
  help        Help about any command
  version     print version of jwt-cli

Flags:
  -h, --help   help for jwt-cli

Use "jwt-cli [command] --help" for more information about a command.

Supported methods are actually:

  • HS256
  • HS384
  • HS512
  • ES256
  • ES384
  • ES512
  • RS256
  • RS384
  • RS512

Demo

demo

Install

Option 1

  • Download the release
  • Install the binary in /usr/local/bin

Option 2: With brew

brew tap sgaunet/homebrew-tools
brew install sgaunet/tools/jwt-cli

Option 3: Docker image

Possibility to copy the binary by using the docker image

FROM sgaunet/jwt-cli:latest as jwtcli

FROM ....
COPY --from jwtcli /jwt-cli /usr/bin/jwt-cli

Getting started

Quite easy, this tool will help you to encode/decode JWT tokens.

# encode
$ jwt-cli encode hs512 --payload '{ "email": "myemail@me.com" }' --secret "myAwesomeSecret"
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im15ZW1haWxAbWUuY29tIn0.SE0u1AWrDTHv67PnUALZl8VQ-7rnSXBNDTCVT_Dj12FStO6hL0ak0i4imcUHpWBEh-c5oSc-H90prGQ0oZx6ng
# try to decode with a wrong secret
$ jwt-cli decode hs512 --secret "wrong secret" --token "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im15ZW1haWxAbWUuY29tIn0.SE0u1AWrDTHv67PnUALZl8VQ-7rnSXBNDTCVT_Dj12FStO6hL0ak0i4imcUHpWBEh-c5oSc-H90prGQ0oZx6ng"
signature is invalid
# decode with the good secret
$ jwt-cli decode hs512 --secret "myAwesomeSecret" --token "eyJhbGciOiJIUzUxMiIsInR
5cCI6IkpXVCJ9.eyJlbWFpbCI6Im15ZW1haWxAbWUuY29tIn0.SE0u1AWrDTHv67PnUALZl8VQ-7rnSXBNDTCVT_Dj12FStO6hL0ak0i4imcUHpWBEh-c5oSc-H90prGQ0oZx6ng"
{
  "email": "myemail@me.com"
}

Shell Completion

jwt-cli supports shell completion for bash, zsh, fish, and PowerShell. This enables TAB completion for commands, subcommands, and flags.

Installation

Bash

On macOS (using Homebrew):

jwt-cli completion bash > $(brew --prefix)/etc/bash_completion.d/jwt-cli
source ~/.bashrc

On Linux:

sudo jwt-cli completion bash > /etc/bash_completion.d/jwt-cli
source ~/.bashrc

Zsh

# Create completions directory if it doesn't exist
mkdir -p ~/.zsh/completions

# Generate completion file
jwt-cli completion zsh > ~/.zsh/completions/_jwt-cli

# Add to .zshrc if not already present:
# fpath=(~/.zsh/completions $fpath)
# autoload -Uz compinit && compinit

Fish

jwt-cli completion fish > ~/.config/fish/completions/jwt-cli.fish

PowerShell

# For current session
jwt-cli completion powershell | Out-String | Invoke-Expression

# For persistent installation, add to your PowerShell profile:
jwt-cli completion powershell >> $PROFILE

Usage Examples

After installation and restarting your shell:

jwt-cli <TAB>              # Shows: encode, decode, genkeys, version, help
jwt-cli encode <TAB>       # Shows: hs256, hs384, hs512, rs256, rs384, rs512, es256, es384, es512
jwt-cli encode hs256 -<TAB> # Shows available flags
jwt-cli decode rs256 --private-key <TAB>  # Shows .pem and .key files

Troubleshooting

If completion doesn't work:

  1. Verify jwt-cli is in your PATH: which jwt-cli
  2. Restart your shell or open a new terminal window
  3. For Zsh, ensure fpath includes your completions directory
  4. Check that completion files are in the correct location

For more information: jwt-cli completion --help

Development

This project is using :

The docker image is only created to simplify the copy of jwt-cli in another docker image.

Create keys

RS256

ssh-keygen -t rsa -b 4096 -E SHA256 -m PEM -P "" -f RS256-private.pem
openssl rsa -in RS256-private.pem -pubout -outform PEM -out RS256-public.pem

RS384

ssh-keygen -t rsa -b 4096 -E SHA384 -m PEM -P "" -f RS384-private.pem
openssl rsa -in RS384-private.pem -pubout -outform PEM -out RS384-public.pem

RS512

ssh-keygen -t rsa -b 4096 -E SHA512 -m PEM -P "" -f RS512-private.pem
openssl rsa -in RS512-private.pem -pubout -outform PEM -out RS512-public.pem

ES256

openssl ecparam -genkey -name prime256v1  -noout -out ES256-private.pem
openssl ec -in ES256-private.pem -pubout -out ES256-public.pem

ES384

openssl ecparam -name secp384r1 -genkey -noout -out ES384-private.pem
openssl ec -in ES384-private.pem -pubout -out ES384-public.pem

ES512

openssl ecparam -genkey -name secp521r1 -noout -out ES512-private.pem
openssl ec -in ES512-private.pem -pubout -out ES512-public.pem

About

jwt-cli is a tool to encode/decode JWT token

Topics

cli golang jwt jwt-tokens jwt-token jsonwebtoken command-line-tool json-web-token jwt-cli

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 14

v1.5.1 Latest
Dec 27, 2025
+ 13 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Contributors 2

  •  
  •  

Languages