Updating the CLI¶
The CLI can upgrade itself in place. mysecutec update downloads the latest
build for your platform from the environment's download host, verifies it, and
replaces the running executable.
1 2 | |
| Flag | Description |
|---|---|
--check |
Only check for an update; do not install |
How it works¶
- The build to install is fetched from the download host for your active
environment (
cli→ production,staging.cli→ staging,testing.cli→ testing). Override per-invocation with-e/--env. - The download's integrity is verified before it is applied: the published
SHA256SUMSis checked against a pinned minisign signature, and the binary's SHA-256 is checked against those sums. A bad signature or checksum aborts the update. - The new binary atomically replaces the current one. On Windows the old executable is moved aside first.
Versions and notifications¶
Builds are versioned automatically by the release pipeline (a date-based build
number that increases with every release), so update always moves you forward
to the newest published build.
The CLI periodically checks for a newer version in the background and prints a
one-line hint when you're behind. Run mysecutec version to see your current
version and commit.
Deprecation¶
Operators can set a minimum supported version. If your build is below that
floor, the CLI tells you to upgrade before continuing — run mysecutec update
to get back to a supported build.