Introducing Satori CLI

As a data engineer, you often have to fix issues in production data stores. But say you don’t have an IAM user that has access to that data store. How do you get access? In Satori, this is handled through a feature called Satori Authentication. For certain data stores, such as Snowflake, Postgres, and Redshift, you can use Satori to generate temporary credentials for individual users. Instead of having to maintain users and passwords directly in your database, all of the credentials are managed solely by the Satori platform. This greatly simplifies the process of managing users on databases or configuring single sign-on using identity and cloud providers.

For many of our customers, this has been a game-changer, and more than two-thirds of our users use Satori to get credentials to databases. But until now, the access model was just-in-time, meaning credentials needed to be generated for each access. This process could be a tad cumbersome, as it required visiting the data portal, authenticating, getting temporary credentials, pasting them into the tool, and only then getting access to the required data.

Today, we’re announcing a massive improvement to this feature: Satori CLI, an open source CLI tool that’s easy to install and use from known public repositories. With Satori CLI, our goal was to help our users perform their work faster with a more streamlined process to get access to the data they need. Engineers can now access data in a pattern they’re already familiar with from other tools such as cloud provider CLIs or SSO. Supported data stores include Redshift, PostgreSQL and MongoDB (see the docs for the full list). 

Masked PII retrieved through Satori CLI.

Today, instead of going to the data portal to generate credentials, engineers are able to simply invoke the CLI. This process offers a few options:

1. satori login –display: Asks the engineer to authenticate, and gives them temp credentials.
2. satori run <psql/dbt/mongosh/s3 <Datastore name> [database]: If the user has already performed satori login with psql or the credentials are still valid, this invokes the tool without the need to perform authentication. Otherwise, it requires the user to authenticate and then starts the SSO login flow.
3. satori pgpass: Allows users to use Satori CLI with DataGrip, or any other tool that supports pgpass, to get credentials with login if needed.
4. satori aws: Generates credentials for AWS services.

Read the docs to see how to install Satori CLI on Windows, Linux, and Mac.

Example use of Satori CLI with DataGrip.

Satori’s driving mission is to make data access as easy as possible, no matter what team or role you’re in. Whether you’re most comfortable accessing data through a portal, on Slack or Teams, or now, on the command line, Satori seamlessly brings self-service data access into your workflow. No one should need to wait days, weeks, or months to get access to data, even if it’s sensitive. From data scientists needing access to data lakes and warehouses for AI projects, to engineers resolving tickets in production databases, Satori makes it easy to get secure, compliant access to data in minutes.

To learn more about how Satori can help you secure your sensitive customer data to win with data, book a demo with our team, or read more about Satori’s Data Security Platform.