Skip to content

op auth

Authentication and credential management

login

Establish credentials for the active profile

Usage: login [options]

Options:

  • --platform <url> — Platform URL
  • --key <api-key> — API key (skips interactive prompt)

logout

Clear credentials for the current profile

Usage: logout [options]


status

Show current authentication state

Usage: status [options]


whoami

Print current user details

Usage: whoami [options]


generate-key

Generate a new API key

Usage: generate-key [options]

Options:

  • --name <name> — Human-readable label for the key
  • --scopes <scopes> — Comma-separated scopes (valid: data:read, data:write, ontology:read, ontology:write, pipelines:read, pipelines:trigger, pipelines:manage, apps:read, apps:deploy, apps:manage, plugins:read, plugins:manage, users:read, users:manage, logs:read, webhooks:manage, execution:read, execution:run, admin)
  • --expires <ISO-date> — Expiry date (ISO 8601); omit for non-expiring key

list-keys

List all API keys for the current user

Usage: list-keys [options]


revoke-key

Revoke an API key

Usage: revoke-key [options] <key-id>

Arguments:

  • <key-id> — API key ID to revoke

rotate-key

Rotate an API key with overlap period

Usage: rotate-key [options] <key-id>

Arguments:

  • <key-id> — API key ID to rotate

Options:

  • --overlap <duration> — Overlap duration (e.g. 1h, 30m) (default: 1h)

emergency-rotate

Rotate JWT signing secret, invalidating ALL active sessions (admin only)

Usage: emergency-rotate [options]