Enterprise and Team Setup¶
Guide for deploying and using Omni CLI in team and enterprise environments.
Table of Contents¶
- Shared Configuration
- Environment Profiles
- Secret Management
- CI/CD Integration
- Team Onboarding
- Access Control
- Audit Logging
Shared Configuration¶
Teams can share a base Omni CLI configuration without exposing secrets.
Create a team base config¶
Create omni-team-config.toml:
# Shared settings
unleash_url = "https://unleash.company.com"
github_username = "company-bot"
mcp_config_path = "/opt/omni/mcp/servers.json"
thunderbolt_disk = "/Volumes/ThunderboltSSD"
# Secrets are left empty and provided via environment variables
hostinger_api_token = ""
github_token = ""
unleash_api_token = ""
Distribute the config¶
Store the shared config in your team's internal documentation or infrastructure repository (without secrets):
Per-user secrets¶
Each team member sets their own tokens:
Environment Profiles¶
Use environment variables to switch between environments:
# Production profile
export OMNI_HOSTINGER_API_TOKEN=$PROD_HOSTINGER_TOKEN
export OMNI_UNLEASH_URL=https://unleash.prod.company.com
# Development profile
export OMNI_HOSTINGER_API_TOKEN=$DEV_HOSTINGER_TOKEN
export OMNI_UNLEASH_URL=https://unleash.dev.company.com
You can create shell aliases:
alias omni-prod='OMNI_HOSTINGER_API_TOKEN=$PROD_HOSTINGER_TOKEN OMNI_UNLEASH_URL=https://unleash.prod.company.com omni'
alias omni-dev='OMNI_HOSTINGER_API_TOKEN=$DEV_HOSTINGER_TOKEN OMNI_UNLEASH_URL=https://unleash.dev.company.com omni'
Secret Management¶
For automated environments, use a secret manager:
With 1Password¶
eval $(op signin)
export OMNI_HOSTINGER_API_TOKEN=$(op read "op://vault/hostinger-token/credential")
With HashiCorp Vault¶
With AWS Secrets Manager¶
export OMNI_HOSTINGER_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id omni/hostinger --query SecretString --output text)
CI/CD Integration¶
Use Omni CLI in CI/CD pipelines for infrastructure checks:
# .github/workflows/infra-check.yml
name: Infrastructure Check
on:
schedule:
- cron: '0 9 * * *'
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- run: pip install omni-cli
- run: |
omni hostinger domains
omni hostinger vps
env:
OMNI_HOSTINGER_API_TOKEN: ${{ secrets.HOSTINGER_TOKEN }}
Team Onboarding¶
New team members should:
- Install Omni CLI:
- Copy the shared config or run:
- Set environment-specific secrets
- Verify access:
Access Control¶
Token permissions by role¶
| Role | Hostinger | GitHub | Unleash |
|---|---|---|---|
| Developer | Read-only | Read-only | Read-only |
| DevOps | Read/Write | Read/Write | Toggle flags |
| Admin | Full access | Full access | Admin |
Use separate accounts¶
Avoid using personal accounts for team operations. Create service accounts or bots:
company-botfor GitHub- Dedicated Hostinger API users
- Unleash service accounts
Configuration Profiles¶
Use profiles to switch between environments:
# Create production profile
omni config profile create production
omni config set hostinger_api_token $PROD_HOSTINGER_TOKEN
omni config set unleash_url https://unleash.prod.company.com
# Create development profile
omni config profile create development
omni config set hostinger_api_token $DEV_HOSTINGER_TOKEN
omni config set unleash_url https://unleash.dev.company.com
# Switch profiles
omni config profile use production
omni config profile use development
Audit Logging¶
Omni CLI supports audit logging via the OMNI_AUDIT_LOG environment variable:
# Enable audit logging
export OMNI_AUDIT_LOG=/var/log/omni/audit.log
mkdir -p /var/log/omni
# All commands are now logged
omni hostinger domains
omni unleash flags
Example audit log entry:
Consider wrapping critical commands for additional syslog integration:
Logging Levels¶
Control Omni CLI internal logging:
Logs are written to ~/.config/omni/logs/omni.log when writable.