The CLI stores a JWT access token in ~/.infraudit/config.yaml after you log in. All subsequent commands use that token automatically — you do not need to pass credentials on every invocation.
Commands
auth login
Log in with your email and password. If you omit the flags, the CLI prompts you interactively:
# Interactive
infraudit auth login
# Non-interactive (for scripts and CI)
infraudit auth login --email user@example.com --password mypassword
| Flag | Description |
|---|
--email | Your InfraAudit account email |
--password | Your account password |
auth register
Create a new InfraAudit account. Prompts interactively if flags are not provided:
# Interactive
infraudit auth register
# Non-interactive
infraudit auth register --email user@example.com --name "Jane Smith" --password mypassword
| Flag | Description |
|---|
--email | Email address for the new account |
--name | Full name |
--password | Account password |
auth whoami
Display the currently authenticated user:
auth logout
Clear the stored credentials from the config file:
Token refresh
The CLI refreshes the access token automatically using the stored refresh_token. If both tokens expire — for example, after a long period of inactivity — run infraudit auth login again.
API token authentication
For non-interactive environments where you need a stable, long-lived credential, use an API token:
infraudit auth login --token <your-api-token>
~/.infraudit/config.yaml under auth.token and used as a Bearer credential on every request.
API tokens can be generated in the InfraAudit web platform under Settings → API Tokens.
CI/CD usage
For automated pipelines, pass credentials via flags sourced from CI secrets rather than committing credentials or copying config files:
infraudit auth login --email "$CI_EMAIL" --password "$CI_PASSWORD"
infraudit auth login --token "$INFRAUDIT_TOKEN"
Security notes
Do not commit ~/.infraudit/config.yaml to source control. It contains your access token.
- Credentials are stored with
0600 file permissions (owner read/write only).
- Each team member should maintain their own config file with their own credentials.
- Rotate API tokens from the web platform if a token is compromised.