cloud keys¶
NAME¶
phyware cloud keys — create, list, and revoke PhyCloud API keys.
SYNOPSIS¶
phyware cloud keys create [OPTIONS] --tenant-id <ID> --name <NAME>
phyware cloud keys list [OPTIONS] --tenant-id <ID>
phyware cloud keys revoke [OPTIONS] <KEY_ID>
DESCRIPTION¶
create¶
Mints a new API key scoped to a tenant. The secret is only shown once — save it immediately.
list¶
Lists all API keys for a tenant (secrets are masked).
revoke¶
Permanently invalidates an API key.
OPTIONS¶
| Flag | Type | Required | Default | Env |
|---|---|---|---|---|
--url | string | No | http://localhost:8000 | PHYCLOUD_URL |
--api-key | string | No | — | PHYCLOUD_API_KEY |
--output | enum | No | table | — |
| --tenant-id | string | Yes (create/list) | — | — | | --name | string | Yes (create) | — | — | | --scopes | string | No | read:events write:events | — | | --expires | string | No | — | — |
ARGUMENTS¶
| Name | Required | Description |
|---|---|---|
KEY_ID | Yes (revoke) | Unique key identifier |
INPUT¶
None.
OUTPUT¶
| Field | Type | Description |
|---|---|---|
id | string | Key identifier |
name | string | Human-readable name |
secret | string | The API key secret (create only) |
scopes | array | Granted OAuth scopes |
EXIT CODES¶
| Code | Meaning |
|---|---|
0 | Success |
1 | Generic / connection error |
2 | Authentication / authorisation error |
3 | Resource not found |
4 | Validation error |
5 | Server-side error |
EXAMPLES¶
# Create a key for a tenant
phyware cloud keys create --tenant-id ten_abc123 --name "ingest-key"
# Capture the secret
SECRET=$(phyware cloud keys create --tenant-id ten_abc123 --name ci-key -o json | jq -r '.key.secret')
# List keys for a tenant
phyware cloud keys list --tenant-id ten_abc123
# List as JSON
phyware cloud keys list --tenant-id ten_abc123 --output json
# Revoke a key
phyware cloud keys revoke key_abc123
AGENT NOTES¶
create exposes the key secret only once in the response. Store it securely before discarding. Requires admin:keys scope. Use --scopes to follow least-privilege principles.
SEE ALSO¶
ERRORS¶
| Code | Message | Remediation |
|---|---|---|
FORBIDDEN | Insufficient scope | Ensure admin:keys scope |
NOT_FOUND | Key not found | Check KEY_ID |
CONFLICT | Key name taken | Choose a different name |