Skip to main content

Usage

phala login [api-key] [options]

Arguments

NameRequiredDescription
api-keyNoAPI key starting with phak_. If omitted, triggers device flow authentication

Options

FlagShortDefaultDescription
--manualfalseEnter API key manually instead of device flow
--no-openfalseSkip automatic browser launch during device flow
--profile <name>workspace slugSave credentials to named profile
--print-tokenfalsePrint token to stdout without saving
--url <url>https://cloud.phala.comCustom API endpoint URL

Authentication Methods

The simplest method. Opens a browser for authentication: 
phala login
Follow the prompts to authorize the CLI in your browser.

Direct API Key

Provide your API key directly: 
phala login phak_abc123...

Manual Entry

Enter API key interactively: 
phala login --manual

Environment Variable

Use API key without persisting: 
export PHALA_CLOUD_API_KEY=phak_abc123...
phala status

Profiles

Save credentials to different profiles for multiple workspaces: 
phala login --profile work
phala login --profile personal
phala switch work
Profile names default to your workspace slug.

Examples

Basic device flow authentication

$ phala login
Opening browser for authentication...
 Successfully authenticated as user@example.com

Direct API key login

$ phala login phak_abc123def456...
 Successfully authenticated as user@example.com

Save to named profile

$ phala login --profile work
Opening browser for authentication...
 Saved credentials to profile: work

$ phala login --print-token
phak_abc123def456...

Use environment variable (temporary)

$ export PHALA_CLOUD_API_KEY=phak_abc123...
$ phala status
 Authenticated as user@example.com

Security Notes

  • API keys are stored in ~/.phala-cloud/profiles/<profile>.json
  • File permissions are set to 600 (owner read/write only)
  • Never commit API keys to version control
  • Use environment variables for CI/CD environments