@fireblocks/fireblocks-cli
Advanced tools
Agent-first CLI for Fireblocks infrastructure. Execute any Fireblocks API operation from the command line.
Command-line interface for the Fireblocks API. Configure once, invoke any Fireblocks operation from your terminal or AI agent.
Commands are generated from the Fireblocks OpenAPI spec, so every endpoint is reachable and new endpoints appear automatically when the CLI updates. Authentication and JWT request signing are handled for you.
brew tap fireblocks/fireblocks-cli
brew install fireblocks-cli
npm install -g @fireblocks/fireblocks-cli
Download the latest release for your platform from GitHub Releases. No Node.js required.
| Architecture | Installer | Tarball |
|---|---|---|
| ARM64 (Apple Silicon) | fireblocks-v*-arm64.pkg | fireblocks-v*-darwin-arm64.tar.gz |
| x64 (Intel) | fireblocks-v*-x64.pkg | fireblocks-v*-darwin-x64.tar.gz |
| Architecture | Installer | Tarball |
|---|---|---|
| x64 | fireblocks-v*-x64.exe | fireblocks-v*-win32-x64.tar.gz |
| Architecture | .deb (Ubuntu / Debian) | Tarball |
|---|---|---|
| x64 | fireblocks_*_amd64.deb | fireblocks-v*-linux-x64.tar.gz |
| ARM64 | fireblocks_*_arm64.deb | fireblocks-v*-linux-arm64.tar.gz |
Tarballs are also available as .tar.xz for smaller downloads.
To verify a download, compare the sha256 shown on the release page against:
# macOS / Linux
sha256sum <downloaded-file>
# macOS alternative
shasum -a 256 <downloaded-file>
# 1. Configure your API key and secret (from the Fireblocks Console)
fireblocks configure
# 2. Verify credentials
fireblocks whoami
# 3. Make a request
fireblocks vaults get-vault-accounts-paged --json
# 4. Discover the API
fireblocks help-index
fireblocks configure — Manage credentialsInteractive setup that stores your API key ID and RSA secret in ~/.config/fireblocks/config.json. For agents and CI, use env vars or flags instead (see Authentication).
fireblocks configure # interactive
fireblocks configure --profile sandbox # named profile for multi-env setups
fireblocks whoami — Verify credentialsCalls GET /v1/users/me and returns the masked API key, base URL, and verification status. Use this as a smoke test before running anything else.
fireblocks whoami
fireblocks <namespace> <action> — API operationsCommands are generated from the Fireblocks OpenAPI spec. OpenAPI path parameters become required flags (kebab-case); query parameters become optional flags. Write ops take the body as --data '<json>'.
# Reads
fireblocks vaults get-vault-accounts-paged --json
fireblocks vaults get-vault-account --vault-account-id 0 --json
# Writes (include --no-confirm for non-interactive)
fireblocks transactions create-transaction \
--data '{"assetId":"BTC","amount":"0.01","source":{"type":"VAULT_ACCOUNT","id":"0"},"destination":{"type":"VAULT_ACCOUNT","id":"1"}}' \
--no-confirm
# Idempotent retries
fireblocks transactions create-transaction \
--data '{...}' \
--idempotency-key "$(uuidgen)" --no-confirm
Global flags:
| Flag | Env Var | Purpose |
|---|---|---|
--api-key | FIREBLOCKS_API_KEY | API key ID |
--secret-key | FIREBLOCKS_SECRET_KEY / FIREBLOCKS_SECRET_KEY_PATH | RSA private key (PEM string or path) |
--base-url | FIREBLOCKS_BASE_URL | Override endpoint (default https://api.fireblocks.io, sandbox https://sandbox-api.fireblocks.io) |
--profile | Named config profile | |
--data | JSON body for write operations | |
--idempotency-key | UUID for safe retries of write operations | |
--no-confirm | Skip confirmation prompt on writes | |
--dry-run | Print the assembled request without sending | |
--debug | Log request/response details to stderr | |
--json | Force structured JSON output |
fireblocks help-index — Discover the APIhelp-index prints a compact JSON manifest of every resource and action the CLI exposes — under 2K tokens for the full catalog. Designed for agents: one call gives enough to plan, without loading per-resource docs upfront.
fireblocks help-index # all resources and actions
fireblocks vaults --help # detail for one namespace
fireblocks vaults get-vault-account --help # detail for one action
fireblocks vaults get-vault-account --dry-run # preview the request
Progressive disclosure: start narrow with --help, widen to help-index only when you need to find something.
Credentials resolve in this order (highest priority first):
--api-key, --secret-keyFIREBLOCKS_API_KEY + (FIREBLOCKS_SECRET_KEY | FIREBLOCKS_SECRET_KEY_PATH)~/.config/fireblocks/config.json (select with --profile <name>)fireblocks configure is interactive-only. Agents and CI must use flags or env vars.
Write operations run against your workspace's Transaction Authorization Policy (TAP). The CLI submits requests; TAP decides whether they require co-signer or admin approval. The CLI is not a security boundary — TAP is. Treat CLI credentials with the same care you'd treat any key into a custody platform.
Errors are structured JSON on stderr:
{"code": 5, "status": 429, "message": "Rate limit exceeded", "request_id": "abc-123", "retry_after": 30}
Exit codes:
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Client error (400/409/422) |
| 2 | Usage/parse error |
| 3 | Auth error (401/403) |
| 4 | Not found (404) |
| 5 | Rate limited (429) — retry after retry_after seconds |
| 6 | Server error (500+) |
| 7 | Timeout (30s) |
The CLI is designed to be driven by coding agents (Claude Code, Cursor, Devin). Install the CLI, then drop SKILL.md into your agent's skills directory. Agents will:
help-indexretry_after# List vault accounts, filter with jq, pipe to the next command
fireblocks vaults get-vault-accounts-paged --json \
| jq -r '.accounts[] | select(.assets[].balance > 0) | .id'
For agent workflows that benefit from typed tool schemas, use Fireblocks AI Link MCP. Use the CLI for leaf operations, scripts, and any time ambient schema tokens aren't worth the context cost. The two are designed to coexist.
Issues and PRs welcome at github.com/fireblocks/fireblocks-cli.
FAQs
Agent-first CLI for Fireblocks infrastructure. Execute any Fireblocks API operation from the command line.
The npm package @fireblocks/fireblocks-cli receives a total of 29 weekly downloads. As such, @fireblocks/fireblocks-cli popularity was classified as not popular.
We found that @fireblocks/fireblocks-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.
Security News
The Fable shutdown shows how quickly model access can become a business continuity risk for AI-dependent engineering teams.
Security News
AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.