Authentication

The EnvManager CLI supports two authentication methods: browser-based OAuth for local development and API keys for CI/CD pipelines.

Browser Login

For interactive use on your local machine:

envmanager login

This command:

  1. Opens your default browser to the EnvManager login page
  2. Waits for you to complete authentication
  3. Stores credentials securely in ~/.config/envmanager/auth.json

After successful login:

$ envmanager login
Opening browser for authentication...
Authentication successful!

Logged in as yourname@example.com

You can now use envmanager commands.
Run `envmanager list` to see your projects.

Check Current User

envmanager whoami

Shows your current authentication status:

Logged in as yourname@example.com

Organizations:
  - My Company (owner)
  - Client Project (member)

Logout

envmanager logout

Clears stored credentials.

API Keys (CI/CD)

For automated pipelines where browser login isn't possible, use API keys.

Creating API Keys

  1. Go to EnvManager web dashboard
  2. Navigate to Settings > API Keys
  3. Click Create API Key
  4. Copy the key (shown only once)

API keys look like: em_abc123...

Using API Keys

Set the ENVMANAGER_API_KEY environment variable:

export ENVMANAGER_API_KEY=em_your_api_key_here
envmanager pull

In CI/CD platforms, add the API key as a secret:

GitHub Actions:

env:
  ENVMANAGER_API_KEY: ${{ secrets.ENVMANAGER_API_KEY }}

GitLab CI:

variables:
  ENVMANAGER_API_KEY: $ENVMANAGER_API_KEY

API Key Permissions

API keys inherit the permissions of the user who created them. They can:

  • Access all organizations the user belongs to
  • Read/write variables the user has access to
  • Cannot create new organizations or manage team members

Security Best Practices

  1. Rotate keys regularly - Create new keys and revoke old ones periodically
  2. Use separate keys per environment - Different keys for staging vs production CI
  3. Never commit keys - Always use CI/CD secrets, never hardcode in config files
  4. Set expiration - When creating keys, set an expiration date

Credential Storage

Credentials are stored in:

~/.config/envmanager/auth.json

This file has 0600 permissions (owner read/write only). Never share or commit this file.

Troubleshooting

"Not authenticated" error

If you see authentication errors:

# Check if logged in
envmanager whoami

# Re-authenticate
envmanager logout
envmanager login

API key not working

  1. Verify the key is correctly set:
    echo $ENVMANAGER_API_KEY
  2. Check key hasn't expired in the web dashboard
  3. Ensure the user who created the key has access to the project
Previous
CLI Overview
Next
Core Commands

Get DevOps tips in your inbox

Security best practices and product updates. No spam.

No spam. Unsubscribe anytime.