boundary connect http
connect http command authorizes a session against a target and invokes an
HTTP client for the connection.
The command fills in the local address and port.
You also have access to some templated values that are substituted into the command arguments, and these values are additionally injected as environment variables in the executed command:
BOUNDARY_PROXIED_IP): The IP address of the listening socket that
boundary connecthas opened.
BOUNDARY_PROXIED_PORT): The port of the listening socket that
boundary connecthas opened.
BOUNDARY_PROXIED_ADDR): The host:port format of the address. This is essentially equivalent to
The following example authorizes a session to a target with the ID
ttcp_1234567890 and invokes the default HTTP client,
$ boundary connect http -target-id=ttcp_1234567890
$ boundary connect http [options] [args]
This command performs a target authorization or consumes an existing authorization token, and launches a proxied HTTP connection.
(string: "")- The authorization string returned from the Boundary controller via an
authorize-sessionaction against a target. This option is only required if you don't set a
-target-id. If you set the value to
-, the command attempts to read in the authorization string from standard input. You can also specify the authorization string using the BOUNDARY_CONNECT_AUTHZ_TOKEN environment variable.
(string: "")- If set, specifies that the given binary should be executed after connecting to the worker, if set. This value should be a binary on your path or an absolute path. If all command flags are followed by
--(space, two hyphens, space), then any arguments after that are sent directly to the binary. You can also specify a binary using the BOUNDARY_CONNECT_EXEC environment variable.
(string: "")- The ID of a specific host to connect to out of the target's host sets. If you do not indicate a specific host, Boundary chooses one at random.
(string: "")- The ID of the target to authorize against. You cannot use this option with
(string: "")- The target name, if you authorize the session using scope parameters and target name.
(string: "")- The target scope ID, if you authorize the session using scope parameters and target name. This value is mutually exclusive with
-scope-name. You can also specify the target scope ID using the BOUNDARY_CONNECT_TARGET_SCOPE_ID environment variable.
(string: "")- The target scope name, if you authorize the session using scope parameters and target name. This value is mutually exclusive with
-scope-id. You can also specify the target scope name using the BOUNDARY_CONNECT_TARGET_SCOPE_NAME environment variable.
(string: "")- The host value to use. This setting overrides the endpoint address from the session information. Boundary passes the specified host name through to the client for use in the host header and TLS SNI value, if supported. You can also specify the host value using the BOUNDARY_CONNECT_HTTP_HOST environment variable.
(string: "")- The HTTP method to use. If you don't set a method, Boundary uses the client's default. You can also specify a method using a the BOUNDARY_CONNECT_HTTP_METHOD environment variable.
(string: "")- The path that is appended to the generated URL. You can also specify a path using the BOUNDARY_CONNECT_HTTP_PATH environment variable.
(string: "")- The scheme to use. The default scheme is
https. You can also specify the scheme using the BOUNDARY_CONNECT_HTTP_SCHEME environment variable.
(string: "")- How the CLI attempts to invoke an HTTP client. This value also sets a suitable default for
-exec, if you did not specify a value. The default and currently-understood value is
curl. You can also specify how the CLI attempts to invoke the HTTP client using the BOUNDARY_CONNECT_HTTP_STYLE environment variable.