Quick Start
1. Authenticate
# Interactive OAuth login (opens browser)
gtm auth login
# Or use a service account for automation
gtm auth login --service-account path/to/key.json
2. Set defaults (optional)
# Configure your default account/container
gtm config setup
3. Start managing your GTM
# List your accounts
gtm accounts list
# List containers in an account
gtm containers list --account-id 123456
# List all tags in a workspace
gtm tags list
# Get a specific tag
gtm tags get --tag-id 42
Common Use Cases
Managing Tags
# List all tags
gtm tags list
# Create a new tag
gtm tags create --name "GA4 Event" --type gaawe --config '{"parameter": [...]}'
# Update a tag
gtm tags update --tag-id 42 --name "New Name"
# Delete a tag
gtm tags delete --tag-id 42 --force
Version Control
# Create a new version
gtm versions create --name "v1.0" --notes "Initial release"
# Get the current live version
gtm versions live
# Publish a version
gtm versions publish --version-id 42
Workspace Management
# List workspaces
gtm workspaces list
# Create a new workspace
gtm workspaces create --name "Feature Branch"
# Check workspace status (pending changes)
gtm workspaces status --workspace-id 1
# Sync workspace with live version
gtm workspaces sync --workspace-id 1
Server-Side GTM
GTM CLI fully supports server-side GTM resources:
# Manage clients
gtm clients list
gtm clients create --name "GA4 Client" --type gaaw_client
# Manage templates
gtm templates list
# Manage transformations
gtm transformations list
Output Formats
GTM CLI adapts to your workflow:
# Table output (default for terminals)
gtm tags list --output table
# JSON output (default when piping)
gtm tags list --output json
# Compact output (just IDs and names)
gtm tags list --output compact
# Pipe to other tools
gtm tags list | jq '.[].name'
CI/CD Integration
GTM CLI shines in automated workflows. Here’s an example GitHub Actions workflow:
jobs:
deploy-gtm:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install GTM CLI
run: |
curl -fsSL https://raw.githubusercontent.com/owntag/gtm-cli/main/install.sh | bash
- name: Deploy to GTM
env:
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GTM_SERVICE_ACCOUNT_KEY }}
run: |
# Create and publish a new version
gtm versions create --name "Deploy ${{ github.sha }}"
gtm versions publish --version-id $(gtm version-headers list --output json | jq -r '.[0].containerVersionId')
Questions or feedback? Open an issue on GitHub β we'd love to hear from you!
Privacy policy for GTM CLI
GTM CLI is a command-line interface for Google Tag Manager, developed and maintained by owntag GmbH (“we”, “us”, or “our”). This privacy policy explains how GTM CLI handles user data when you authenticate with Google.
Data Accessed
When you authenticate GTM CLI with your Google account, the application requests access to the following data:
Google Tag Manager Data:
- Tag Manager account information
- Container configurations
- Workspaces, tags, triggers, and variables
- Container versions and publishing settings
- User permissions within Tag Manager
Google Account Information:
- Your email address
- Your display name
How Your Data Is Used
GTM CLI uses the accessed data exclusively to:
- Execute commands you initiate against the Google Tag Manager API
- Display your email and name in the CLI to confirm your authenticated identity
- Authenticate API requests on your behalf
All operations are performed locally on your machine. GTM CLI acts as a client that communicates directly with Google’s APIs based on your commands.
Data Sharing
GTM CLI does not share your data with any third parties.
- No user data is transmitted to owntag GmbH or any other party
- No analytics or telemetry data is collected
- No usage data is tracked or reported
- All network communication occurs exclusively between your local machine and Google’s official APIs
Data Storage and Protection
GTM CLI stores authentication credentials locally on your machine:
- Location:
~/.config/gtm-cli/credentials.json(Linux/macOS) or the equivalent application data directory on your operating system - Contents: OAuth access token, refresh token, token expiration time, and basic profile information (email, name)
- Protection: Credential files are created with restrictive file permissions (readable only by your user account)
No data is stored on external servers. All credentials remain exclusively on your local device.
Data Retention and Deletion
Retention: Authentication credentials are retained locally until you explicitly sign out or manually delete them.
Deletion: You can delete all stored data at any time by:
-
Running the logout command:
gtm auth logoutThis revokes your tokens with Google and deletes all locally stored credentials.
-
Alternatively, manually deleting the configuration directory:
rm -rf ~/.config/gtm-cli
Upon logout, GTM CLI also requests that Google revoke the issued tokens, ensuring your authorization is fully terminated.
Open Source Transparency
GTM CLI is open source software. You can review exactly how your data is handled by examining the source code at:
https://github.com/owntag/gtm-cli
Contact
If you have questions about this privacy policy or GTM CLI’s data practices, please get in touch through the contact information provided in our Impressum.
