Skip to main content
The unkey auth login command stores your root key in a local config file so you don’t have to pass --root-key on every CLI invocation.

Prerequisites

Installation

Install the CLI with npm: 
npm install -g unkey
Or run it directly with npx: 
npx unkey auth login

Log in

Run the auth login command and paste your root key when prompted: 
unkey auth login

Enter your root key: ****
Authentication successful. Key stored in ~/.unkey/config.toml
The key is read as hidden input — it won’t be displayed in your terminal.

How it works

Your root key is saved to ~/.unkey/config.toml. Once stored, other CLI commands (like unkey deploy) use it automatically instead of requiring a --root-key flag.
~/.unkey/config.toml
root_key = "unkey_..."
The config file stores your root key in plain text. Make sure ~/.unkey/config.toml is not committed to version control or shared.

Best practices

  • Use a dedicated root key for the CLI — create a separate key with only the permissions your CLI workflows need. See root key permissions for guidance.
  • Don’t commit the config file — add ~/.unkey/ to your global gitignore or verify it’s excluded from your project repositories.
  • Rotate periodically — run unkey auth login again with a new key to replace the stored one.

Next steps

Root keys

Learn how to create and manage root keys

Quickstart

Get started with Unkey API key management
Last modified on March 30, 2026