CLI security check
You can use the sec-check command to quickly assess your Contentful organization’s security posture. It runs out-of-the-box with the following check points:
- Permissions. Only an organization admin or owner can perform the security check.
- Security contact configured
- Audit logging enabled
- Long-expiry access tokens
- SSO enabled
- SSO enforced
- SSO exempt users identified
- MFA status for exempt users
Each check delivers clear PASS/FAIL results with actionable data.
Prerequisites
- Locally installed
contentful-cli. - Authenticated with
contentful-cli. - A Contentful Management API token with organization admin or owner permissions to read organization settings.
Usage
Example

The results can be exported as a JSON file with a single flag -o, making it easy to archive, track changes over time, or integrate with monitoring dashboards. Each failing check includes contextual details (counts, affected IDs) to help with troubleshooting.