Skip to main content
crcli uses OAuth 2.0 device flow. Your token is stored in the OS keychain — no plaintext credentials, no repeated logins.
Device authorization grant must be enabled for your tenant before crcli auth login will work. If login fails with an authorization error, contact your Cloud.Red administrator or support to enable it.

Log In

A browser window opens automatically. Complete the login flow in your browser. crcli detects the completion and stores the token securely.
If the browser doesn’t open automatically, the command prints a URL you can paste manually.

Check Status

Shows whether you’re authenticated and when the token expires.

Log Out

Removes the stored token from the OS keychain.

Token Storage

Tokens are stored in the OS keychain (Keychain on macOS, Secret Service on Linux, Windows Credential Manager on Windows). They are never written to disk in plaintext. crcli automatically refreshes expired tokens. If the refresh fails, it re-runs the device flow and opens the browser again.

Environments

By default crcli connects to the production environment. To use staging:
Each environment stores its token separately, so you can be logged in to both at once.