mirror of
https://github.com/coder/coder.git
synced 2026-06-04 05:28:20 +00:00
Zach
139dab7cfe
This change implements optional secure storage of the CLI token using the operating system keyring for Windows, with groundwork laid for macOS in a future change. Previously, the Coder CLI stored authentication tokens in plaintext configuration files, which posed a security risk because users' tokens are stored unencrypted and can be easily accessed by other processes or users with file system access. The keyring is opt-in to preserve compatibility with applications (like the JetBrains Toolbox plugin, VS code plugin, etc). Users can opt into keyring use with a new `--use-keyring` flag. The secure storage is platform dependent. Windows Credential Manager API is used on Windows. The session token continues to be stored in plain text on macOS and Linux. macOS is omitted for now while we figure out the best path forward for compatibility with apps like Coder Desktop. https://www.notion.so/coderhq/CLI-Session-Token-in-OS-Keyring-293d579be592808b8b7fd235304e50d5 https://github.com/coder/coder/issues/19403
72 lines
2.2 KiB
Markdown
Generated
72 lines
2.2 KiB
Markdown
Generated
<!-- DO NOT EDIT | GENERATED CONTENT -->
|
|
# login
|
|
|
|
Authenticate with Coder deployment
|
|
|
|
## Usage
|
|
|
|
```console
|
|
coder login [flags] [<url>]
|
|
```
|
|
|
|
## Description
|
|
|
|
```console
|
|
By default, the session token is stored in a plain text file. Use the --use-keyring flag or set CODER_USE_KEYRING=true to store the token in the operating system keyring instead.
|
|
```
|
|
|
|
## Options
|
|
|
|
### --first-user-email
|
|
|
|
| | |
|
|
|-------------|--------------------------------------|
|
|
| Type | <code>string</code> |
|
|
| Environment | <code>$CODER_FIRST_USER_EMAIL</code> |
|
|
|
|
Specifies an email address to use if creating the first user for the deployment.
|
|
|
|
### --first-user-username
|
|
|
|
| | |
|
|
|-------------|-----------------------------------------|
|
|
| Type | <code>string</code> |
|
|
| Environment | <code>$CODER_FIRST_USER_USERNAME</code> |
|
|
|
|
Specifies a username to use if creating the first user for the deployment.
|
|
|
|
### --first-user-full-name
|
|
|
|
| | |
|
|
|-------------|------------------------------------------|
|
|
| Type | <code>string</code> |
|
|
| Environment | <code>$CODER_FIRST_USER_FULL_NAME</code> |
|
|
|
|
Specifies a human-readable name for the first user of the deployment.
|
|
|
|
### --first-user-password
|
|
|
|
| | |
|
|
|-------------|-----------------------------------------|
|
|
| Type | <code>string</code> |
|
|
| Environment | <code>$CODER_FIRST_USER_PASSWORD</code> |
|
|
|
|
Specifies a password to use if creating the first user for the deployment.
|
|
|
|
### --first-user-trial
|
|
|
|
| | |
|
|
|-------------|--------------------------------------|
|
|
| Type | <code>bool</code> |
|
|
| Environment | <code>$CODER_FIRST_USER_TRIAL</code> |
|
|
|
|
Specifies whether a trial license should be provisioned for the Coder deployment or not.
|
|
|
|
### --use-token-as-session
|
|
|
|
| | |
|
|
|------|-------------------|
|
|
| Type | <code>bool</code> |
|
|
|
|
By default, the CLI will generate a new session token when logging in. This flag will instead use the provided token as the session token.
|