veirox login
Authenticate with Veirox via the OAuth device flow
Synopsis
veirox login [flags]
Description
Authenticate with an Veirox workspace.
The default mode runs the OAuth 2.0 device authorization grant: the CLI
prints a short user code, opens your browser to the consent page, and
polls until you click Approve. The minted `ops_k_…` API key is
stored in your OS keyring (Keychain / Secret Service / Credential
Manager); the matching profile is written to
`~/.config/veirox/config.toml`.
Pass --token to skip the device flow and provide an existing key
(useful for CI bootstrapping). Pass --rotate to invalidate your current
key and mint a fresh one with the same scopes.
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
--device-name | string | defaultDeviceName() | device label visible in the consent UI + audit log |
--no-open | bool | false | don't open the browser; print the URL only |
--profile | string | — | profile name (default: derived from host) |
--rotate | bool | false | rotate the existing profile's key (skips device flow) |
--token | string | — | skip device flow and use an existing ops_k_… key (read from $TOKEN if value is '-') |
--workspace | string | — | workspace URL (HTTPS required for non-loopback) |
Examples
veirox login --workspace https://veirox.acme.com --profile work
veirox login --rotate
veirox login --token ops_k_AbCd... --profile ci
Exit codes
| Code | Meaning |
|---|---|
0 | Success. |
1 | Generic error (network, API 5xx). |
2 | Validation error (bad flag, missing required arg). |
3 | Unauthenticated — run veirox login or set VEIROX_API_KEY. |
4 | Not found (resource does not exist in this project). |
5 | Permission denied (your role / API key lacks the scope). |