svcmd CLI reference
This topic describes every command, sub-command, alias, argument, and option available in the svcmd command line interface.
svcmd helps you manage application configuration, projects, protection, keys, station configuration, and related secure keys from the command line. It is installed locally as part of the PcVue installation, and you can use it from your preferred terminal.
You will use it to:
- Protect a project based on a secure key, including secure key generation and renewal
- Deploy a project on a host and define system-wide settings
- Remove protection of a project
- Prepare an unprotected copy of a project
If what you are looking for is a tool with a user interface, use the Host Deployment Console instead.
Refer to the topics Protecting and deploying a project, How to manage project and library versions, and Project and library migration to see the Host Deployment Console in action. These topics give step by step instructions to protect a project, deploy a protected project on a host, set up the Central Project Management, or perform a project migration using the Host Deployment Console or the svcmd and ProjectUtility CLI.
With the svcmd CLI, you can:
- Manage the application - svcmd app
- Retrieve and change the application data-folder
- Enable and disable a feature
- Manage secure keys - svcmd key
- Generate a new secure key
- Get the identifier and value of an existing key
- Change the passphrase associated with a key
- Manage a project - svcmd project
- Get the identifier and the format version of a project
- Manage project protection - svcmd project-protection
- List, add, remove, and renew secure keys associated with projects on the host
- Apply a secure key to a project
- Manage the central folder for version management - svcmd central-versions
- Manage host protection - svcmd host
- Set the fallback station number
- Protect the host by restricting it to only running a specific project
- Remove host and project protection
When installing PcVue, you can select an install location. By default, svcmd.exe is found in C:\Program Files\ARC Informatique\PcVue 17\
Commands support the following global options:
-h,--help- Provide help about the command or sub-command.--dry-run- Preview changes without applying.--no-prompt- Disable interactive prompts and confirmations.
svcmd uses plain text as its default output format. Some commands offer Json output with the --json option.
svcmd app data-folder [PATH] [global options]
svcmd app feature [FEATURE-NAME] [-e|--enable] [-d|--disable] [-u|--unset] [global options]
svcmd key generate <KEYFILE-PATH> [--pass <PASSPHRASE>] [--key-length <NUM>] [-f|--force] [global options]
svcmd key get-id <KEYFILE-PATH> [--pass <PASSPHRASE>] [global options]
svcmd key get-value <KEYFILE-PATH> [--pass <PASSPHRASE>] [global options]
svcmd key change-pass <KEYFILE-PATH> [--pass <PASSPHRASE>] [--new-pass <PASSPHRASE>] [global options]
svcmd central-versions info [--json [JSONFILE-PATH]] [global options]
svcmd central-versions enable [-c|--central-folder <PATH>] [global options]
svcmd central-versions disable [global options]
svcmd central-versions tune [-c|--central-folder <PATH>] [--ope-ref-update] [--export-folder <PATH>] [global options]
svcmd central-versions reset [-f|--force] [global options]
svcmd host info [--json [JSONFILE-PATH]] [global options]
svcmd host station-number [STATION-NUMBER] [-u|--unset] [global options]
svcmd host protect --project <PROJECT-FOLDER> [global options]
svcmd host unprotect [global options]
svcmd project get-id <PROJECT-FOLDER> [global options]
svcmd project get-format-version <PROJECT-FOLDER> [global options]
svcmd project list [--include-protection] [--json [JSONFILE-PATH]] [global options]
svcmd project-protection add <PROJECT-ID> <KEYFILE-PATH> [--pass <PASSPHRASE>] [--apply <PROJECT-FOLDER>] [global options]
svcmd project-protection remove <PROJECT-ID> <KEYFILE-PATH> [--pass <PASSPHRASE>] [--apply <PROJECT-FOLDER>] [global options]
svcmd project-protection renew <PROJECT-ID> <CURRENT-KEYFILE-PATH> <NEW-KEYFILE-PATH> [--pass-current <PASSPHRASE>] [--pass-new <PASSPHRASE>] [--apply <PROJECT-FOLDER>] [global options]
svcmd project-protection apply <PROJECT-ID> <KEYFILE-PATH> <PROJECT-FOLDER> [--pass <PASSPHRASE>] [global options]
svcmd project-protection unprotect-copy <PROJECT-ID> <KEYFILE-PATH> <PROJECT-COPY-FOLDER> [--pass <PASSPHRASE>] [global options]
svcmd project-protection list [--json [JSONFILE-PATH]] [global options]
The following table describes the notation used to document the syntax of Command Line Interface tools:
| Notation | Description |
Text without brackets or braces
|
Element you must type as shown. |
<Text inside angle brackets>
|
Placeholder for which you must supply a value. It is usually required to be passed as argument but may also be prompted if necessary. |
[Text inside square brackets]
|
Optional element. |
Vertical bar (|) |
Separator for mutually exclusive elements. You must choose one. |
- Security-sensitive commands require Administrative privileges:
svcmd app featureto change the status of a feature,svcmd project-protection,svcmd central-versions,svcmd host. - Close PcVue before executing a command.
- Use
--dry-runto preview changes safely. - Prefer using passphrases via environment variables or secure input to avoid shell history leaks.
- All commands are logged.
The service SV Core Security service must be running to perform cryptographic operations.
Make sure the service is started or such operations will fail to execute.
The fact that the SV Core Security service is running must be monitored at all times on all PcVue hosts.
- The following commands do not require Administrative privileges:
svcmd app featureto list features and their status.svcmd key.svcmd project.
- Combine
--no-promptwith automation pipelines.
Command svcmd app - Application management
Manage PcVue application configuration.
Sub-command svcmd app data-folder
Get or set the folder where application data are stored.
The Application data folder is the base folder where projects, common libraries and shared libraries are stored.
Changing it also affects the default folder of database files for archiving, the location of memory dumps and the location of log files for the default target (local files).
The Application data folder must be on a local storage device. It must not be a network resource.
The sv32.exe -b switch was used in the past to set a custom application data folder at startup. It came as a handy way to have several application data folders to store libraries and projects by theme. For example, if you are a system integrator, customer projects in a folder, test projects in another one and mock-up projects in a third one.
Because changing the application data folder does have security implications, it must be subjected to the current user being granted administrative privileges. And because the use of a switch for sv32.exe cannot be subject to administrative privileges enforcement, starting with version 17, the -b is ignored. Instead, you can use the Host Deployment Console or the svcmd app command before launching PcVue if you wish to switch from one application data folder to another one.
Aliases:
data-dir
Arguments:
[PATH]- Path to the data folder (optional).
Sub-command svcmd app feature
Manage application features and their status.
svcmd app feature [FEATURE-NAME] [-e|--enable] [-d|--disable] [-u|--unset] [global options]
Arguments:
[FEATURE-NAME]- Name of the feature to manage (optional). If omitted, lists all features and their status enabled/disabled.
Options:
-e,--enable- Enable the feature.-d,--disable- Disable the feature.-u,--unset- Remove explicit configuration and come back to product default.
Command svcmd key - Key management
Manage cryptographic keys used to protect a project.
Subcommand svcmd key generate
Generate a new secure key.
svcmd key generate <KEYFILE-PATH> [--pass <PASSPHRASE>] [--key-length <NUM>] [-f|--force] [global options]
Arguments:
<KEYFILE-PATH>- Where to write the key file (required).
Options:
--pass <PASSPHRASE>- Encrypt the key with a passphrase.--key-length <NUM>- Generated key size in bytes. Valid values are 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, and 64. Default and recommended value: 32 (256-bit key).-f,--force- Overwrite if file exists.
The KEYFILE and the associated <PASSPHRASE> may not be critical if you generate a secure key for protecting a project that will never contain any sensitive information. It may be the case if you create a project for a quick and dirty test for example.
The KEYFILE and the <PASSPHRASE> are sensitive information if they are generated with the goal of protecting a project that is or will be used as part of a system requiring protection against security threats. They are encryption keys that must be managed according to the policies in place in the system where they are used.
In particular, they must be backed up and accessible in case a host restoration must be performed. Failing to keep a safe and secure backup copy of the KEYFILE and associated <PASSPHRASE> means you will not be able to run the project it is associated to as part of a host computer replacement, or if you need to add a new PcVue host.
The <KEYFILE> associated to a project is a root key. Renewing it requires providing the previous key. No reset or enforced decryption exist.
Subcommand svcmd key change-pass
Change the passphrase protecting a key file.
This command can be used to rotate the passphrase of a key file periodically, or if the passphrase is compromised.
It does not change the actual key value used for encryption of the project and thus is not enough if the key itself is compromised. In such a case, a new key file must be generated, associated with a new passphrase, and it must be applied to the project that was protected by the compromised key.
svcmd key change-pass <KEYFILE-PATH> [--pass <PASSPHRASE>] [--new-pass <PASSPHRASE>] [global options]
Arguments:
<KEYFILE-PATH>- The key file for which you want to change the passphrase (required).
Options:
--pass <PASSPHRASE>- Current passphrase.--new-pass <PASSPHRASE>- New passphrase.
svcmd key change-pass X:\keys\my-project.key --pass MyOldPa$$phrase --new-pass MyNewPa$$phrase
Subcommand svcmd key get-id
Get the identifier associated with a secure key.
Aliases:
id
Arguments:
<KEYFILE-PATH>- The key file for which you want to get the identifier (required).
Options:
--pass <PASSPHRASE>- The passphrase used to protect the secure key.
Subcommand svcmd key get-value
Get the value associated with a secure key.
The key value associated with a secure key you retrieve with this command is the actual secret key. It is sensitive information if it is used to protect a project that is or will be used as part of a system requiring protection against security threats. It is an encryption key that must be managed according to the policies in place for the system where it is used.
Aliases:
value
Arguments:
<KEYFILE-PATH>- The key file for which you want to get the value (required).
Options:
--pass <PASSPHRASE>- The passphrase used to protect the secure key.
Command svcmd project - Project information
Get information about a project.
Subcommand svcmd project get-id
Get the identifier associated with a project.
Aliases:
id
Arguments:
<PROJECT-FOLDER>- Name of the project folder, either relative to the \Usr directory, or absolute path to the project folder (required).
Subcommand svcmd project get-format-version
Get the format version of a project.
Aliases:
format-version
Arguments:
<PROJECT-FOLDER>- Name of the project folder, either relative to the \Usr directory, or absolute path to the project folder (required).
Subcommand svcmd project list
List all projects available on the host.
Options:
-p,--include-protection- Include information about project protection.-
--json [JSONFILE-PATH]- Export results as structured JSON to the terminal or to the specified file.
The service SV Core Security must be running if using the option --include-protection.
If the service is not running, the svcmd project list --include-protection command fails.
Command svcmd project-protection - Project protection
Manage protection applied to a project.
Projects protection metadata are stored in the file \config\Secrets.dat. This file is encrypted based on host-specific elements, it cannot be used on a host other than the one where it was created. You must consider this file as opaque, read and modify it only with the Host Deployment Console or the svcmd CLI provided with PcVue. A backup copy of this file is not enough for host restoration. Key files and their associated passphrases are necessary for proper host restoration.
To facilitate the renewal of keys, the protection metadata includes the current key, and also the previous key if the key was renewed at least once in the past.
The service SV Core Security service must be running to perform cryptographic operations.
Make sure the service is started or such operations will fail to execute.
The fact that the SV Core Security service is running must be monitored at all times on all PcVue hosts.
Subcommand svcmd project-protection add
Adds project protection metadata to the host computer.
In practice, it imports the key value stored in the key file passed as argument so it can be used by PcVue to cipher and decipher data for the project referenced by its identifier on the host computer where the command is run. Optionally, the project cryptographic protection can be applied to the project stored in the folder passed as argument.
An error is returned indicating that the project is already protected if a key value already exists for the project on the host where the command is run.
svcmd project-protection add <PROJECT-ID> <KEYFILE-PATH> [--pass <PASSPHRASE>] [--apply <PROJECT-FOLDER>] [global options]
Arguments:
<PROJECT-ID>- The identifier of the project to add on the host computer (required).<KEYFILE-PATH>- The key file containing the secure key of the project being added (required).
Options:
--pass <PASSPHRASE>- Key passphrase.--apply <PROJECT-FOLDER>- Immediately apply cryptographic protection to project<PROJECT-FOLDER>.
svcmd project-protection add 44b95729-6de0-4ee0-950a-f746acf8a3ba X:\keys\my-project.key --pass MyPa$$phrase
Subcommand svcmd project-protection remove
Remove protection metadata from the host computer for a given project.
In practice, it removes the key value stored in the key file passed as argument from the host project protection metadata. Once executed, PcVue can no longer cipher or decipher data for the project referenced by its identifier on the host computer where the command is run. Optionally, the project cryptographic protection can be removed.
When you remove a current key, it remains part of the protection metadata as previous key, so that an apply can be performed on the corresponding project, deciphering the project with the previous key and then ciphering it with the new key.
An error is returned if you try to remove a previous key.
svcmd project-protection remove <PROJECT-ID> <KEYFILE-PATH> [--pass <PASSPHRASE>] [--apply <PROJECT-FOLDER>] [global options]
Arguments:
<PROJECT-ID>- The identifier of the project to remove from the host computer (required).<KEYFILE-PATH>- The key file containing the secure key of the project being removed (required).
Options:
--pass <PASSPHRASE>- Key passphrase.--apply <PROJECT-FOLDER>- Immediately remove cryptographic protection from project<PROJECT-FOLDER>.
svcmd project-protection remove 44b95729-6de0-4ee0-950a-f746acf8a3ba X:\keys\my-project.key --pass MyPa$$phrase
Subcommand svcmd project-protection renew
Re-new protection metadata on the host computer by using a new key.
In practice, it imports the key value stored in the new key file passed as argument so it can be used by PcVue to cipher and decipher data for the project referenced by its identifier on the host computer where the command is run. It also removes the key value stored in the old key file passed as argument. This old key can no longer be used by PcVue to cipher and decipher data for the project. Optionally, the project cryptographic protection based on the new key can be applied as part of the command.
If a key already exists for the project, the current key is shifted to previous key, and the new one is added as the current key.
If no key exists, an error is returned.
svcmd project-protection renew <PROJECT-ID> <CURRENT-KEYFILE-PATH> <NEW-KEYFILE-PATH> [--pass-current <PASSPHRASE>] [--pass-new <PASSPHRASE>] [--apply <PROJECT-FOLDER>] [global options]
Arguments:
<PROJECT-ID>- The identifier of the project to add on the host computer (required).<CURRENT-KEYFILE-PATH>- The key file containing the current secure key (required).<NEW-KEYFILE-PATH>- The key file containing the new secure key (required).
Options:
--pass-current <PASSPHRASE>- Current key passphrase.--pass-new <PASSPHRASE>- New key passphrase.--apply <PROJECT-FOLDER>- Immediately apply cryptographic protection with the new key to project<PROJECT-FOLDER>.
svcmd project-protection renew 44b95729-6de0-4ee0-950a-f746acf8a3ba X:\keys\my-project-current.key X:\keys\my-project-new.key --pass-current MyPa$$phrase --pass-new MyNewPa$$phrase
Subcommand svcmd project-protection apply
Apply cryptographic protection to a project stored on the host computer.
In practice, it applies cryptographic protection to the project referenced by its identifier and stored in the folder passed as argument, on the host computer where the command is run.
svcmd project-protection apply <PROJECT-ID> <KEYFILE-PATH> <PROJECT-FOLDER> [--pass <PASSPHRASE>] [global options]
Arguments:
<PROJECT-ID>- The identifier of the project to add on the host computer (required).<KEYFILE-PATH>- The key file containing the secure key of the project being added (required).<PROJECT-FOLDER>- Name of the project folder, either relative to the \Usr directory, or absolute path to the project folder (required).
Options:
--pass <PASSPHRASE>- Key passphrase.
svcmd project-protection apply 44b95729-6de0-4ee0-950a-f746acf8a3ba X:\keys\my-project.key C:\Projects\usr\MyProject --pass MyPa$$phrase
Subcommand svcmd project-protection list
Output the list all project protection metadata stored on the host where the command is run.
It returns a list of identifiers - project identifiers, current and previous keys identifiers - without revealing any encryption material. In particular, key values are not returned.
Options:
-
--json [JSONFILE-PATH]- Export results as structured JSON to the terminal or to the specified file.
Subcommand svcmd project-protection unprotect-copy
Unprotect a copy of a project by removing its cryptographic protection.
The project folder must be a copy stored in a working folder that is not a well-known PcVue directory.
As a result, the project copy is no longer protected by encryption based on a custom secure key. It is ciphered with the same default key as a newly created project. It can be loaded, used, and configuration data can be deciphered on any computer where PcVue is installed.
The unprotected copy has the same project identifier and comprises the same data as the project you copied originally, in particular the user directory and other potentially sensitive data. What this command does is like removing the project protection, without the key rotation. So not only it does not affect the original project stored in the \usr folder, but it also leaves the original project protection metadata untouched on the host. The original project can still run on the host where this command is used.
To prevent protection removal for a project that may be actively used, an error is returned if the project copy folder is in the well-known \usr directory of the application data folder.
A copy must be performed manually prior to unprotecting it.
This command is designed to allow sharing a non-sensitive part of a project with a third-party, a technical support team for example, with whom you do not want to share sensitive data, and in particular not the key file and not the passphrase.
The steps are typically the following:
- Create a copy of the project folder of interest (stored in the application data folder), into a working folder. The copy can already be selective, for example, in most cases, you do not want to copy the \TH folder if that is where you store proprietary archives.
- Remove any sensitive or unnecessary data from the project copy. As a minimum, the user directory shall be sanitized.
- Run this command on the project copy.
- Zip the folder and transmit it to the third-party.
The files and data making up the copy of the project are no longer protected by PcVue built-in encryption mechanisms. If sensitive data are present in the copy, they must be protected by alternative external mechanisms to make sure they cannot be compromised.
svcmd project-protection unprotect-copy <PROJECT-ID> <KEYFILE-PATH> <PROJECT-COPY-FOLDER> [--pass <PASSPHRASE>] [global options]
Arguments:
<PROJECT-ID>- Identifier of the project to unprotect (required).<KEYFILE-PATH>- Key file containing the secure key of the project to unprotect (required).<PROJECT-COPY-FOLDER>- Project name or path to the project folder to unprotect (required).
Options:
--pass <PASSPHRASE>- Key passphrase.
svcmd project-protection unprotect-copy 44b95729-6de0-4ee0-950a-f746acf8a3ba X:\MyProjectKey.key C:\temp\MyProject --pass MyPa$$phrase
Command svcmd central-versions - Central project management
Manage central project versions management.
Subcommand svcmd central-versions info
Show central project management information.
Options:
-
--json [JSONFILE-PATH]- Export results as structured JSON to the terminal or to the specified file.
Subcommand svcmd central-versions enable
Enable the use of central project management on the host.
Options:
-c [PATH],--central-folder [PATH]- Set the path to the folder where project and library versions are centrally stored and managed.
Subcommand svcmd central-versions disable
Disable the use of central project management on the host.
Subcommand svcmd central-versions tune
Tune central project management.
svcmd central-versions tune [-c|--central-folder <PATH>] [--ope-ref-update] [--export-folder <PATH>] [global options]
Options:
-c [PATH],--central-folder [PATH]- Set the path to the folder where project and library versions are centrally stored and managed.--ope-ref-update- Enable the update of a version in state OPE or REF.--export-folder <PATH>- Set the path to the folder where version history export files are stored.
Subcommand svcmd central-versions reset
Reset central project management.
Options:
-f,--force- Forces the reset without confirmation.
Command svcmd host - Host configuration and protection
Manage the computer host configuration and protection.
When a host is protected, the sv32.exe -station_number switch is ignored.
Subcommand svcmd host info
Show station configuration.
Options:
-
--json [JSONFILE-PATH]- Export results as structured JSON to the terminal or to the specified file.
Subcommand svcmd host station-number
Get or set the fallback station number.
Arguments:
[STATION-NUMBER]- The fallback station number to be used on the host if the station number cannot be resolved based on the IP addresses or on host names associated with stations in project configuration (optional).
Options:
-u,--unset- Remove explicit configuration and come back to product default.
Subcommand svcmd host protect --project <PROJECT-FOLDER>
Restrict the host to running a specific project only.
Options:
--project <PROJECT-FOLDER>- Restrict the host to running the project stored in<PROJECT-FOLDER>only (required).
Subcommand svcmd host unprotect
Remove host protection, any project can then be run.
Exit codes
To determine the exit code, run one of the following commands immediately after running the CLI command.
The following are the exit code values that can be returned at the end of a command.
| Code | Meaning |
| 0 | The operation completed successfully |
| 1 | Unspecified error |
| 2 | An error occurred during command line configuration |
| 3 | An error occurred while parsing command line arguments |
| 4 | One of the arguments provided on the command line is not valid |
| 5 | The operation is not implemented |
| 6 | An error occurred while performing an operation |
| 7 | Failure during cryptographic operation |
| 8 | An error occurred while communicating with the service |
| 9 | An error occurred while performing read, write or search operations in files or directories |
| 10 | Unable to access files or directories |
| 11 | A security error was detected |
| 12 | The command requires Administrative privileges |
| 13 | An instance of the PcVue application is running. The command cannot be executed |
| 14 | The specified project is already protected |
| 15 | The specified project is not protected |
| 16 | Invalid key for the specified project |
| 17 | The '.svproject' file does not exist in the specified project folder |
| 18 | ProjectId is missing from the '.svproject' file |
Cheat sheet
Here is a compact, practical cheat sheet for svcmd that you can keep next to your terminal.
Global options
| Option | Description |
-h, --help |
Provide help about the command or sub-command |
--dry-run
|
Preview changes without applying |
--no-prompt
|
Disable interactive prompts and confirmations |
Typical workflow examples
# 1. Generate key
svcmd key generate project.key --pass Secret123
# 2. Get project ID
svcmd project get-id C:\Projects\usr\MyProject
# 3. Add project protection metadata
svcmd project-protection add <PROJECT-ID> project.key --pass Secret123
# 4. Apply cryptographic protection to the project
svcmd project-protection apply <PROJECT-ID> project.key C:\Projects\usr\MyProject --pass Secret123
# 5. Set the fall-back station number
svcmd host station-number 7
# 6. Enable Central project management and Set the central folder
svcmd central-versions enable --central-folder \\MyFileServer\CentralStore
# 7. Restrict the host to only run MyProject
svcmd host protect --project C:\Projects\usr\MyProject
# 1. Get project ID
svcmd project get-id C:\Projects\usr\MyProject
# 2. Add project protection metadata
svcmd project-protection add <PROJECT-ID> project.key --pass Secret123
# 4. Set the fall-back station number
svcmd host station-number 7
# 5. Enable Central project management and Set the central folder
svcmd central-versions enable --central-folder \\MyFileServer\CentralStore
# 5. Bind the host to only run MyProject
svcmd host protect --project C:\Projects\usr\MyProject
App configuration
svcmd app data-folder [PATH] # Get/set app data folder
svcmd app feature # Output the list of features
svcmd app feature NAME --enable # Enable feature
svcmd app feature NAME --disable # Disable feature
svcmd app feature NAME --unset # Remove setting
Key management
svcmd key generate FILE.key --pass PASS # Create new key
svcmd key generate FILE.key -f # Overwrite existing key
svcmd key change-pass FILE.key --pass OLD --new-pass NEW # Change passphrase
svcmd key get-id FILE.key --pass PASS # Show key ID
svcmd key get-value FILE.key --pass PASS # Show key value
Project info
svcmd project get-id PROJECT_FOLDER # Get project identifier
svcmd project get-format-version PROJECT_FOLDER # Get project format version
svcmd project list --include-protection --json # Get the list of projects available on the host
Project protection
svcmd project-protection list # Output the list of protected projects on the host
svcmd project-protection list --json output.json # Output the list of protected projects on the host in a Json file
svcmd project-protection add PROJECT-ID KEY.key --pass PASS # Add project protection metadata to the host computer
svcmd project-protection add PROJECT-ID KEY.key --pass PASS --apply PROJECT_FOLDER # Add project protection metadata to the host computer and apply it to a project
svcmd project-protection apply PROJECT-ID KEY.key PROJECT_FOLDER # Apply project protection metadata to a project
svcmd project-protection remove PROJECT-ID KEY.key --pass PASS # Remove project protection metadata from the host computer
svcmd project-protection renew PROJECT-ID old.key new.key \ # Renew protection metadata on the host computer
--pass-current OLDPASS \
--pass-new NEWPASS
svcmd project-protection unprotect-copy PROJECT-ID KEY.key PROJECT_COPY_FOLDER # Unprotect a copy of a project
Central project management
svcmd central-versions enable --central-folder \\Server\Share # Enable central project management and set the central folder
svcmd central-versions reset # Reset central project management configuration
Host protection
svcmd host info # Output host protection information
svcmd host info --json host-info.json # Output host protection information in a Json file
svcmd host station-number 7 # Set the fall-back station number
svcmd host station-number --unset # Unset the fall-back station number
svcmd host protect --project PROJECT_FOLDER # Restrict the host to running only a specific project
svcmd host unprotect # Remove host protection
Common automation patterns
# Safe execution
svcmd project-protection add ... --dry-run
# Non-interactive scripting
svcmd key generate key.key --pass MyPass --no-prompt