CLI Authentication
Authenticate the RevKeen CLI with API keys and environment overrides
The current RevKeen CLI reads an API key from the environment and falls back to an interactive prompt if no key is set.
How authentication works
- If
REVKEEN_API_KEYis set, the CLI uses it. - If no environment variable is present, the CLI prompts you to paste a key interactively.
- The key must start with
rk_.
There is no persisted profile or OAuth login flow in the current CLI implementation.
Preferred setup
Set the API key in your shell before running commands:
export REVKEEN_API_KEY=rk_live_your_api_key
revkeen customers --list$env:REVKEEN_API_KEY = "rk_live_your_api_key"
revkeen customers --listInteractive fallback
If the environment variable is missing, the CLI prompts for a key:
Enter your RevKeen API key:That is useful for one-off sessions, but environment variables are better for repeatable developer workflows and CI.
Base URL override
The CLI defaults to the production API:
https://api.revkeen.comTo point the CLI at another environment, set REVKEEN_API_URL:
export REVKEEN_API_KEY=rk_sandbox_your_api_key
export REVKEEN_API_URL=https://staging-api.revkeen.com
revkeen invoices --list$env:REVKEEN_API_KEY = "rk_sandbox_your_api_key"
$env:REVKEEN_API_URL = "https://staging-api.revkeen.com"
revkeen invoices --listUse the base URL override deliberately. The CLI does not currently maintain named profiles or environment aliases for you.
CI usage
In CI, provide the API key as an environment variable:
- name: List invoices
env:
REVKEEN_API_KEY: ${{ secrets.REVKEEN_API_KEY }}
run: revkeen invoices --listSecurity guidance
- Use staging keys during development and live keys only for production operations.
- Prefer environment variables or a secret manager over ad hoc copy-paste on shared machines.
- Rotate keys regularly from the RevKeen dashboard.
- Avoid echoing keys into logs or shell history.