CLI Authentication

The PaiTIENT Secure Model CLI provides several methods for authentication. This document explains how to authenticate with the CLI for secure access to the API.

Authentication Methods

The CLI supports the following authentication methods:

  1. Interactive login
  2. Environment variables
  3. Configuration file
  4. Command-line parameters

Interactive Login

The simplest way to authenticate is through the interactive login command:

bash
secure-model login

This command will prompt you for your Client ID and API Key. After successful authentication, your credentials will be securely stored in the configuration file (~/.paitient/config.json).

Environment Variables

You can authenticate using environment variables:

bash
export PAITIENT_API_KEY="your-api-key"
export PAITIENT_CLIENT_ID="your-client-id"

# Now run commands without explicit authentication
secure-model list deployments

This method is particularly useful for CI/CD pipelines and scripts.

Configuration File

The CLI reads credentials from ~/.paitient/config.json if present:

json
{
  "client_id": "your-client-id",
  "api_key": "your-api-key"
}

You can create or modify this file manually, or use the configure command:

bash
secure-model configure

Command-line Parameters

You can provide credentials directly as command-line parameters:

bash
secure-model list deployments --client-id "your-client-id" --api-key "your-api-key"

WARNING

Providing credentials as command-line parameters is not recommended for security reasons. The credentials may be visible in command history or process listings.

Authentication Profiles

The CLI supports multiple authentication profiles for different environments:

bash
# Create a new profile
secure-model configure --profile production

# Use a specific profile
secure-model list deployments --profile production

Each profile has its own set of credentials and configuration stored in the configuration file.

Token Refresh

Authentication tokens are automatically refreshed when needed. You typically don't need to re-authenticate unless you explicitly log out or your API key is revoked.

Logging Out

To remove stored credentials:

bash
secure-model logout

To log out of a specific profile:

bash
secure-model logout --profile production

Security Best Practices

  1. Never share your API key or include it in public repositories
  2. Use environment variables for CI/CD pipelines
  3. Rotate your API keys regularly
  4. Use different API keys for development and production
  5. Set appropriate permissions for the configuration file:
    bash
    chmod 600 ~/.paitient/config.json
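
The permission advice above and the earlier warning about command history can both be checked with a short audit script. This is an added example, not part of the PaiTIENT CLI; the function names are hypothetical, the history file path is an assumption that varies by shell, and the config path, flag and variable names are the ones documented on this page.

```shell
#!/bin/sh
# Added example (not part of the secure-model CLI): audit local credential exposure.
# Assumes the config path, --api-key flag and PAITIENT_API_KEY variable documented
# on this page; the history file is a parameter because it differs per shell.

# True when group and other have no permission bits on $1.
is_private() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group+other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_credentials CONFIG_FILE HISTORY_FILE
# Prints one line per finding (never the secret itself); returns 1 if any.
audit_credentials() {
    cfg=$1 hist=$2 rc=0
    if [ -f "$cfg" ]; then
        if ! is_private "$cfg"; then
            echo "FAIL: $cfg is accessible to group/other (fix: chmod 600)"
            rc=1
        fi
        if [ ! -O "$cfg" ]; then
            echo "FAIL: $cfg is not owned by the current user"
            rc=1
        fi
    fi
    if [ -f "$hist" ]; then
        # Count lines that passed the key as a flag or exported it interactively.
        hits=$(grep -Ec -e '--api-key[ =]|PAITIENT_API_KEY=' "$hist" || true)
        if [ "$hits" -gt 0 ]; then
            echo "FAIL: $hist has $hits line(s) exposing an API key (rotate it)"
            rc=1
        fi
    fi
    return "$rc"
}

# Typical invocation (history path is an assumption for bash users):
#   audit_credentials "$HOME/.paitient/config.json" "$HOME/.bash_history"
```

A non-zero return can fail a pre-commit hook or a workstation compliance check; any key flagged in a history file should be treated as exposed and rotated.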

Service Account Authentication

For automated systems, it's recommended to use a service account with limited permissions:

  1. Create a service account in your PaiTIENT dashboard
  2. Assign only the necessary permissions to this account
  3. Use the service account credentials for your automated processes

MFA Integration

If your account requires multi-factor authentication (MFA), the interactive login will prompt for the MFA code. For non-interactive authentication with MFA-enabled accounts, you'll need to use API keys that were created with MFA verification.

Released under the MIT License.