Skip to content
Certyn

Auth and Config

Configure API access, profiles, and runtime defaults for the Certyn CLI.

Certyn CLI supports both browser login and API keys.

  • Use browser login for interactive local work: certyn login, certyn whoami, certyn logout
  • Use API keys for CI, automation, and headless environments

Environment variables

  • CERTYN_API_URL
  • CERTYN_API_KEY
  • CERTYN_PROJECT
  • CERTYN_ENVIRONMENT
  • CERTYN_PROFILE

Config precedence

  1. CLI flags
  2. Environment variables
  3. Active profile
  4. Built-in defaults

Common setup flow

certyn init --profile dev --use-api-key --api-url https://api.certyn.io --project my-app --environment staging --api-key-ref dev_key
certyn config use dev
certyn config show

When you set --project <slug>, the CLI validates the slug once against the API and stores both:

  • project: <slug>
  • project_ids.<slug>: <project-id>

At runtime, project-id routes use this local map. If the mapping becomes stale, rerun:

certyn config set --profile dev --project my-app

Manual mapping commands are available for debugging:

certyn config projects map --slug my-app --id <project-id>
certyn config projects get --slug my-app
certyn config projects list
certyn config projects unmap --slug my-app

API key scope matrix

Use caseRecommended scopes
CI runnerci:trigger, ci:status, ci:cancel
Local run (existing env: certyn run ... --environment ...)ci:trigger, ci:status, ci:cancel, execution:read
Preview run (public URL: certyn run ... --url ...)ci:trigger, ci:status, ci:cancel, execution:read, platform:manage
Execution diagnostics (certyn diagnose / executions diagnose / conversation)execution:read
Ask Certyn advisor (certyn ask)chat:use
QA triage (read-only)testcase:read, ticket:read, execution:read
QA operator (read/write + execute/retest)testcase:read, testcase:write, testcase:execute, ticket:read, ticket:write, ticket:retest, execution:read
Platform operatorCI scopes + runner:manage + platform:manage

certyn run resolves custom process slugs by listing project processes from the API before triggering a run. Use exactly one run target: --url or --environment. run --json is schema-versioned (schema_version) and includes failed-execution diagnostics by default when gates fail. API keys calling chat endpoints (/api/chat*) require chat:use; JWT users remain unaffected by API-key scope checks.

Execution control commands (certyn executions retry|stop) require platform:manage.

Auth precedence

  1. Explicit CLI flags such as --api-key
  2. Environment variables
  3. Active profile values
  4. Built-in defaults

An explicit --api-key overrides stored browser auth for that command run.

API key header

The CLI sends API keys via X-API-Key automatically.

PreviousInstallNextCommands