As described in the introduction, the Raito CLI provides different commands to serve different use cases.


The run command is used to do a full synchronization between your data warehouse(s) and Raito Cloud as shown on the Introduction page.

The run command can be configured to either run just one full sync and exit immediately after or to keep running and repeat a full sync regularly. In the latter case, the CLI will, between full syncs, also listen continuously for changes to access controls in Raito Cloud and update them in the data warehouse(s). This allows changes to access controls to be applied within seconds.

A guide on how to use this command in combination with Raito Cloud can be found here, and specific configuration for this command can be found here

The get more information in a terminal window:

$> raito run --help


Can be used like this

$> raito run --help


raito help run


This command let’s you retrieve information that is provided by a connector.

For example, to get more information about the Snowflake connector you can run

$> raito info raito-io/cli-plugin-snowflake

Apply Access

This command should be used with extreme caution by somebody that knows what they are doing. This is typically used for disaster recovery reasons.

The apply-access command can be used to re-apply an access file that was generated by Raito Cloud during a synchronization run. During such a run, the access controls defined in Raito Cloud are exported to be applied to the target data source. When these files are backed up (see the configuration options of the run command), you can refer to that file to be re-applied using this command.
The file to use is typically the YAML file with the name starting with <target-name>-toTarget-access-, followed by the date/time when this file was created.

The command is used by providing the name of the target you want to apply this to, followed by the file-path of the file to use.

$> raito apply-access <target-name> <file-path>

It is possible to only apply a subset of the access providers that are in this file, by providing the --filter-access flag followed by a comma separated list of access provider names to apply. This can contain regular expressions to more easily match a set of access providers.
For example, you may do something like this:

$> raito apply-access mytarget mytarget-toTarget-access-2024-03-25T11-45-11.555.yaml --filter-access "TEST_.*,PROD_.*"

This will apply the access providers that start with either TEST_ or PROD_ in the given file to target mytarget.
The apply-access command will first let you know which access providers will be applied and always ask for your confirmation first.