Skip to content
Satusky Docs

auth

1ctl auth manages how the CLI authenticates with the Satusky API. Authentication in 1ctl is API-key based: you supply a token once, the CLI validates it against the API and writes it to ~/.satusky/context.json, and from that point every command reads the token from that file and sends it in the x-satusky-api-key request header.

No session cookies. No OAuth redirect. Just a token in a local file.

Commands

Section titled “Commands”

1ctl auth login

Section titled “1ctl auth login”
1ctl auth login [--token <token>]

Authenticates the CLI with the API. If --token is not supplied, 1ctl prompts you to paste your API token interactively.

What happens under the hood:

  1. POST /v1/cli/auth/login with x-satusky-api-key: <token>
  2. The API validates the key against the api_tokens table
  3. On success, the API returns user_id, org_id, and email
  4. The CLI writes the token plus that context to ~/.satusky/context.json

Flags

FlagDescription
--token <token>API token to use. If omitted, you are prompted.

Example

Terminal window
$ 1ctl auth login
Enter your API token: ••••••••••••••••
Logged in as [email protected] (org: acme)
Terminal window
# Non-interactive — useful in setup scripts
1ctl auth login --token sat_prod_abc123

1ctl auth logout

Section titled “1ctl auth logout”
1ctl auth logout

Removes the token and user context from ~/.satusky/context.json. The file itself is kept, but the token field is cleared. Subsequent commands will fail with an authentication error until you run auth login again.

Terminal window
$ 1ctl auth logout
Logged out. Run '1ctl auth login' to authenticate again.

1ctl auth status

Section titled “1ctl auth status”
1ctl auth status

Prints the current authentication state without making a validation request to the API. Reads directly from ~/.satusky/context.json.

Terminal window
$ 1ctl auth status
Logged in
  Email:   [email protected]
  User ID: usr_01j9...
  Org ID:  org_04k2...
  Token:   sat_prod_••••••••
  Profile: default (https://api.satusky.com)

If you are not logged in:

Terminal window
$ 1ctl auth status
Not authenticated. Run '1ctl auth login' to continue.

CI/CD usage

Section titled “CI/CD usage”

Do not use auth login in automated pipelines. The ~/.satusky/context.json state file is not available in ephemeral CI environments, and you should not embed tokens in commands that get logged.

Instead, set the SATUSKY_API_KEY environment variable. When this variable is present, 1ctl uses it directly and skips reading the context file entirely — no login step required.

# GitHub Actions example
- name: Deploy
  env:
    SATUSKY_API_KEY: ${{ secrets.SATUSKY_API_KEY }}
  run: 1ctl deploy
Terminal window
# Any shell environment
export SATUSKY_API_KEY=sat_prod_abc123
1ctl deploy

SATUSKY_API_KEY takes effect on every command without any persistent state. If both the env var and a context file token are present, the env var wins.

Context file reference

Section titled “Context file reference”

~/.satusky/context.json stores the fields written by auth login:

FieldDescription
tokenYour API token
user_idYour Satusky user ID
org_idYour active organisation ID
emailEmail address associated with the token
active_profileName of the currently active profile

Do not hand-edit this file. Use auth login / auth logout and the profile commands to manage its contents.