CLI Authentication
Authenticate the RevKeen CLI with API keys or OAuth
The CLI supports two authentication methods: API key (recommended for most use cases) and OAuth (for browser-based login).
API key authentication
Set via config
revkeen config set api-key rk_live_your_api_keyThis writes the key to ~/.revkeen/config.toml. It persists across sessions and is used for all requests.
Set via environment variable
export REVKEEN_API_KEY=rk_live_your_api_keyThe environment variable takes priority over the config file. This is useful for CI/CD pipelines and scripts.
Set via flag
revkeen customers list --api-key rk_live_your_api_keyThe --api-key flag overrides both the config file and the environment variable for a single command.
Priority order
--api-keyflag (highest)REVKEEN_API_KEYenvironment variable~/.revkeen/config.tomlapi_key value
OAuth authentication
For interactive workflows, use browser-based OAuth:
revkeen auth loginThis opens your browser to the RevKeen authorization page. After you approve, the CLI stores the OAuth tokens in ~/.revkeen/config.toml.
Headless environments
In environments without a browser (SSH sessions, containers):
revkeen auth login --no-browserThis prints a URL for you to visit on another device.
Check authentication status
revkeen auth statusOutput:
Auth mode: api_key
API key: rk_live...abcd
Base URL: https://api.revkeen.comLog out
Remove stored credentials:
revkeen auth logoutSecurity best practices
- Use staging keys (
rk_sandbox_*) during development. Switch to live keys (rk_live_*) only for production. - Store production keys in a secret manager or environment variable, not in config files on shared machines.
- Rotate keys regularly from the RevKeen Dashboard.
- The config file at
~/.revkeen/config.tomlhas0600permissions (owner-only read/write).
CI/CD usage
In pipelines, pass the API key via environment variable:
# GitHub Actions example
- name: List customers
env:
REVKEEN_API_KEY: ${{ secrets.REVKEEN_API_KEY }}
run: revkeen customers list --output json