auth Command
The auth command manages local authentication state and stored API keys per-organization. Use this command to check your authentication status, manage credentials for multiple organizations, and troubleshoot login issues.
auth status
Section titled “auth status”Shows detailed authentication status including active organization, stored credentials, and any warnings.
pakyas auth statusWhat It Shows
Section titled “What It Shows”- Environment variable override warning (if
PAKYAS_API_KEYis set) - Active organization info
- Default project info
- Stored credentials summary (per-org keys with preview)
- Legacy key warnings (if migrating from V1)
Example Output
Section titled “Example Output”Authentication Status=====================Active Org: acme-corp (org_abc123)Default Project: production-api (proj_xyz789)
Stored Credentials: org_abc123 (acme-corp): pk_live_abc1... (added 2024-01-15, verified 2024-01-20) org_def456 (staging): pk_test_def4... (added 2024-01-10, never verified)Authenticate with Pakyas. Supports browser-based OAuth, API key, or interactive email/password login.
pakyas login [--api-key KEY] [--no-browser]| Flag | Description |
|---|---|
--api-key <KEY> | Login with API key directly (skips browser auth) |
--no-browser | Skip browser and use email/password interactively |
Examples
Section titled “Examples”# Browser-based login (default)pakyas login
# Login with API key (useful for CI/CD)pakyas login --api-key pk_live_abc123...
# Interactive email/password loginpakyas login --no-browserlogout
Section titled “logout”Clear the active session and authentication state.
pakyas logoutExample
Section titled “Example”pakyas logout# Output: Logged out successfullywhoami
Section titled “whoami”Show the currently authenticated user and organization.
pakyas whoamiExample
Section titled “Example”pakyas whoami# Output: Authenticated as: jane@example.com (Acme Corp)auth key list
Section titled “auth key list”Lists all locally stored API keys by organization.
pakyas auth key listWhat It Shows
Section titled “What It Shows”- Organization ID
- Key preview (first 12 characters)
- Label (device name + date)
- Added timestamp
- Last verified timestamp
Example
Section titled “Example”pakyas auth key list# Output:# Org ID Key Preview Label Added Verified# org_abc123 pk_live_abc1... MacBook Pro (2024) 2024-01-15 2024-01-20# org_def456 pk_test_def4... CI Server 2024-01-10 neverauth key set
Section titled “auth key set”Import or store an API key for a specific organization.
pakyas auth key set --org <ORG_ID> [--key <KEY>]| Flag | Description |
|---|---|
--org <ORG_ID> | Organization ID to set key for (required) |
--key <KEY> | API key to store (prompts if not provided) |
Behavior
Section titled “Behavior”- Prompts for key if
--keynot provided - Validates key format (
pk_prefix, minimum length) - Validates key belongs to specified org via API call
- Stores key with device label for identification
Examples
Section titled “Examples”# Set key interactively (prompts for key)pakyas auth key set --org org_abc123
# Set key directlypakyas auth key set --org org_abc123 --key pk_live_abc123...
# Set key for a second organization (multi-org setup)pakyas auth key set --org org_def456 --key pk_test_def456...auth key verify
Section titled “auth key verify”Verify that a stored API key is still valid.
pakyas auth key verify [--org <ORG_ID>]| Flag | Description |
|---|---|
--org <ORG_ID> | Organization ID to verify key for (uses active org if not specified) |
Behavior
Section titled “Behavior”- Retrieves stored key for the organization
- Calls API to validate the key
- Updates
last_verifiedtimestamp on success
Examples
Section titled “Examples”# Verify key for active organizationpakyas auth key verify
# Verify key for specific organizationpakyas auth key verify --org org_abc123auth key rm
Section titled “auth key rm”Remove a stored API key.
pakyas auth key rm (--org <ORG_ID> | --legacy) [-y]| Flag | Description |
|---|---|
--org <ORG_ID> | Organization ID to remove key for |
--legacy | Remove the legacy (unmigrated) API key from V1 |
-y, --yes | Skip confirmation prompt |
Note: --org and --legacy are mutually exclusive. You must specify one or the other.
Examples
Section titled “Examples”# Remove key for specific organization (with confirmation)pakyas auth key rm --org org_abc123
# Remove key without confirmationpakyas auth key rm --org org_abc123 -y
# Remove legacy V1 key during migrationpakyas auth key rm --legacyCredential Storage
Section titled “Credential Storage”Credentials are stored locally at ~/.config/pakyas/credentials.json using the V2 format, which supports per-organization API keys.
Storage Location
Section titled “Storage Location”| Platform | Path |
|---|---|
| Linux/macOS | ~/.config/pakyas/credentials.json |
V2 Format Features
Section titled “V2 Format Features”- Per-organization API keys (supports multiple orgs)
- Key metadata (label, timestamps)
- Automatic migration from V1 single-key format
- Legacy key preserved during migration
See Also
Section titled “See Also”- api-key Command - Server-side API key management (create, revoke)
- ping Command - Send pings to checks