Security Commands¶
KelpMesh security audit¶
View the append-only audit trail.
Options:
- --actor — Filter by actor
- --action — Filter by action
- --resource — Filter by resource
- --status — Filter by status (success/failed)
- --limit — Number of entries (default: 100)
KelpMesh security classify¶
Classify data columns by sensitivity level.
Options:
- --table — Table to classify
- --init — Generate stub classify.yml
KelpMesh security mask¶
Preview column masking for a role.
Options:
- --table — Table name
- --columns — Comma-separated column names
- --role — Role to preview (viewer, editor, admin)
KelpMesh security rls¶
List or generate row-level security policies.
Options:
- --init — Generate stub security.yml
KelpMesh security clean-pii¶
Erase PII data across warehouse tables.
Options:
- --id-col — Identifier column name
- --id-value — Identifier value to erase
- --tables — Comma-separated table names (all if omitted)
- --dry-run — Preview without erasing
KelpMesh security status¶
Show security subsystem status.
KelpMesh security roles¶
List available roles and their access levels.