shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ca560d36ce4f005df564a20d3116a60151ec0135
coder/docs/reference/cli/login.md
T
Zach 139dab7cfe feat(cli): optionally store session token in OS keyring (#20256) 
This change implements optional secure storage of the CLI token using the operating system
 keyring for Windows, with groundwork laid for macOS in a future change. Previously, the
 Coder CLI stored authentication tokens in plaintext configuration files, which posed a
 security risk because users' tokens are stored unencrypted and can be easily accessed by
 other processes or users with file system access.

The keyring is opt-in to preserve compatibility with applications (like the JetBrains
Toolbox plugin, VS code plugin, etc). Users can opt into keyring use with a new
`--use-keyring` flag.

The secure storage is platform dependent. Windows Credential Manager API is used on Windows.
The session token continues to be stored in plain text on macOS and Linux. macOS is omitted
for now while we figure out the best path forward for compatibility with apps like Coder Desktop.

https://www.notion.so/coderhq/CLI-Session-Token-in-OS-Keyring-293d579be592808b8b7fd235304e50d5

https://github.com/coder/coder/issues/19403
2025-10-30 17:41:08 -06:00

2.2 KiB
Generated
Raw Blame History

login

Authenticate with Coder deployment

Usage

coder login [flags] [<url>]

Description

By default, the session token is stored in a plain text file. Use the --use-keyring flag or set CODER_USE_KEYRING=true to store the token in the operating system keyring instead.

Options

--first-user-email
Type string
Environment $CODER_FIRST_USER_EMAIL

Specifies an email address to use if creating the first user for the deployment.

--first-user-username
Type string
Environment $CODER_FIRST_USER_USERNAME

Specifies a username to use if creating the first user for the deployment.

--first-user-full-name
Type string
Environment $CODER_FIRST_USER_FULL_NAME

Specifies a human-readable name for the first user of the deployment.

--first-user-password
Type string
Environment $CODER_FIRST_USER_PASSWORD

Specifies a password to use if creating the first user for the deployment.

--first-user-trial
Type bool
Environment $CODER_FIRST_USER_TRIAL

Specifies whether a trial license should be provisioned for the Coder deployment or not.

--use-token-as-session
Type bool

By default, the CLI will generate a new session token when logging in. This flag will instead use the provided token as the session token.

Reference in New Issue View Git Blame Copy Permalink