KubeadaptDocsBack to site
Sign inStart free
DocsAPI ReferenceCLI
  • Overview
    • Installation
    • Authentication
    • Configuration
  • Commands
Docs homev1CliAuthentication

CLI

CLI Authentication

Authenticate kubeadapt with your API key using interactive login, environment variables, or command-line flags. Includes CI/CD pipeline setup.

kubeadapt authenticates to the Kubeadapt API using a Bearer token. Generate an API key from the Kubernetes cost dashboard at app.kubeadapt.io, then store it in the config file, pass it as an environment variable, or supply it inline with flags.

Login

Run auth login to store your API key:

bash
kubeadapt auth login

The command prompts for your API key (input is hidden). You can skip the prompt by passing the key directly:

bash
kubeadapt auth login --api-key ka_your_key --api-url https://public-api.kubeadapt.io

Credentials are stored in ~/.kubeadapt/config.yaml.

Tip

The --api-url flag on auth login sets the API URL in the saved config. If you omit it, the URL defaults to http://localhost:8002. For production use, always pass --api-url https://public-api.kubeadapt.io.

Check status

To see the currently stored credentials:

bash
kubeadapt auth status

The API key is masked in the output. You'll see something like:

plaintext
API URL:  https://public-api.kubeadapt.io
API Key:  ka_y...r_key

Logout

To remove the stored API key from the config file:

bash
kubeadapt auth logout

This clears the api_key field in ~/.kubeadapt/config.yaml. The file itself is not deleted.

Using environment variables

For CI/CD pipelines or scripts where you don't want to write a config file, set KUBEADAPT_API_KEY and KUBEADAPT_API_URL as environment variables. See Configuration: Environment variables for the full reference.

bash
export KUBEADAPT_API_KEY=ka_your_key
export KUBEADAPT_API_URL=https://public-api.kubeadapt.io
kubeadapt get clusters

Using flags

You can pass credentials directly on any command with --api-key and --api-url:

bash
kubeadapt --api-key ka_your_key --api-url https://public-api.kubeadapt.io get clusters
Note

When the same setting appears in multiple places, flags take precedence over environment variables, which take precedence over the config file. See Configuration: Precedence for the full resolution order.

GitHub Actions example

yaml
1- name: Check pending savings
2  env:
3    KUBEADAPT_API_KEY: ${{ secrets.KUBEADAPT_API_KEY }}
4    KUBEADAPT_API_URL: https://public-api.kubeadapt.io
5  run: |
6    kubeadapt get recommendations --status pending -o json

Store KUBEADAPT_API_KEY in your repository's encrypted secrets. Never hardcode API keys in workflow files.

Troubleshooting

ErrorCauseFix
401 UnauthorizedInvalid or expired API keyRegenerate at app.kubeadapt.io and run auth login again
connection refusedWrong API URL or network issueCheck auth status and verify --api-url points to https://public-api.kubeadapt.io
permission denied on config fileFile permissions too openRun chmod 0600 ~/.kubeadapt/config.yaml
PreviousCLI InstallationCLINextCLI ConfigurationCLI

On this page

  • Login
  • Check status
  • Logout
  • Using environment variables
  • Using flags
  • GitHub Actions example
  • Troubleshooting
Edit this page
Kubeadapt

Kubernetes FinOps platform. Cost visibility, rightsizing, and capacity planning that pays for itself in 30 days.

Product

  • Cost Monitoring
  • Cost Attribution
  • Workload Rightsizing
  • Recommendations
  • Smart Alerting
  • Best Practices
  • Network Cross-AZ

Resources

  • Documentation
  • Status Page
  • Feature Requests

Company

  • About Us
  • Security
  • Careers
  • Contact

© 2026 Kubeadapt. All rights reserved.

PrivacyTermsSecurity