Auth Commands¶
Show authentication and security information for SuperQode.
Overview¶
The superqode auth command group provides commands for managing authentication, including storing API keys locally, checking configuration status, and understanding security practices.
Authentication Modes¶
SuperQode supports three authentication modes:
| Mode | Description | Key Storage |
|---|---|---|
| BYOK | Bring Your Own Key via environment variables | Your shell/env |
| Local | Optional local file storage | ~/.superqode/auth.json |
| ACP | Delegated to coding agents | Agent-specific |
Resolution Order¶
When SuperQode needs an API key, it checks in this order:
- Environment variables (e.g.,
ANTHROPIC_API_KEY) - Local storage (
~/.superqode/auth.json) - Error if neither found
This means environment variables always take precedence over local storage.
auth login¶
Store an API key for a provider in local storage.
Arguments¶
| Argument | Description |
|---|---|
PROVIDER | Provider ID (e.g., anthropic, openai, google) |
Examples¶
# Store Anthropic API key
superqode auth login anthropic
# Store OpenAI API key
superqode auth login openai
What Happens¶
- Prompts for your API key (input is hidden)
- Saves to
~/.superqode/auth.jsonwith0600permissions - Key is now available for SuperQode to use
Example Session¶
$ superqode auth login anthropic
Configure Anthropic
Get your key at: https://console.anthropic.com/
Enter API key for anthropic: ********
โ
Saved anthropic API key to ~/.superqode/auth.json
auth logout¶
Remove a stored API key from local storage.
Examples¶
Output¶
auth list¶
List all credentials stored in local storage.
Output¶
โโโโโโโโโโโโโฌโโโโโโโฌโโโโโโโโโโโโโโ
โ Provider โ Type โ Key Preview โ
โโโโโโโโโโโโโผโโโโโโโผโโโโโโโโโโโโโโค
โ anthropic โ api โ sk-ant-a... โ
โ openai โ api โ sk-proj-... โ
โโโโโโโโโโโโโดโโโโโโโดโโโโโโโโโโโโโโ
Stored in: ~/.superqode/auth.json
auth info¶
Show comprehensive authentication information for all providers and agents.
Output¶
Displays authentication status showing both environment variables AND local storage:
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ ๐ Auth Modes: โ
โ 1. BYOK - Environment variables (primary) โ
โ 2. Local - ~/.superqode/auth.json (optional) โ
โ 3. ACP - Delegated to agents โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โโโ PROVIDER AUTH STATUS โโโ
โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโ
โ Provider โ Env Variable โ Status โ Source โ
โโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโค
โ anthropic โ ANTHROPIC_API_KEYโ โ
Set โ ~/.superqode/auth.jsonโ
โ openai โ OPENAI_API_KEY โ โ
Set โ ~/.zshrc โ
โ google โ GOOGLE_API_KEY โ โ Not setโ - โ
โ ollama โ (none) โ ๐ Local โ localhost:11434 โ
โโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโ
โโโ ACP MODE (Coding Agents) โโโ
...
auth check¶
Check authentication status for a specific provider or agent.
Examples¶
# Check Anthropic provider
superqode auth check anthropic
# Check OpenCode agent
superqode auth check opencode
Security & Transparency¶
Where Are Keys Stored?¶
| Source | Location | Permissions |
|---|---|---|
| Environment | Your shell config (~/.zshrc, ~/.bashrc) | Your control |
| Local Storage | ~/.superqode/auth.json | 0600 (owner only) |
| ACP Agents | Agent-specific (e.g., ~/.local/share/opencode/auth.json) | Agent's control |
What SuperQode Does NOT Do¶
- โ Send keys to any external server
- โ Log or display full key values
- โ Share keys between projects
- โ Store keys without your explicit action
What SuperQode DOES Do¶
- โ Read keys from environment at runtime
- โ
Optionally store keys locally if you use
auth login - โ Set secure file permissions (0600) on auth.json
- โ Show masked key previews (first 8 chars only)
- โ Show exactly where each key is configured
File Format¶
The ~/.superqode/auth.json file format:
{
"anthropic": {
"type": "api",
"key": "sk-ant-api03-..."
},
"openai": {
"type": "api",
"key": "sk-proj-..."
}
}
Inspecting Your Auth File¶
# View the file (keys will be visible!)
cat ~/.superqode/auth.json
# Check permissions
ls -la ~/.superqode/auth.json
# Should show: -rw------- (0600)
# Delete all stored keys
rm ~/.superqode/auth.json
Choosing Between BYOK and Local Storage¶
| Use Case | Recommended |
|---|---|
| CI/CD pipelines | BYOK (env vars) |
| Team shared environment | BYOK (env vars) |
| Personal development | Either works |
| Quick setup without shell config | Local storage |
| Multiple keys for same provider | BYOK (env vars) |
Using Both¶
If you have a key in both environment AND local storage: - Environment variable wins (checked first) - Local storage is a fallback
This lets you override local storage with environment variables when needed.
Workflow Examples¶
Quick Personal Setup¶
# Store your keys locally
superqode auth login anthropic
superqode auth login openai
# Verify
superqode auth list
superqode auth info
CI/CD Setup¶
# GitHub Actions example
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
steps:
- run: superqode auth info # Will show keys from env
Switching Providers¶
# Remove old key
superqode auth logout anthropic
# Add new key
superqode auth login anthropic
# Verify
superqode auth check anthropic
Troubleshooting¶
Key Not Found¶
Solutions:
# Option 1: Set via environment
export ANTHROPIC_API_KEY="sk-ant-..."
# Option 2: Store locally
superqode auth login anthropic
Wrong Key Being Used¶
If environment has a different key than local storage, environment wins:
# Check which source is active
superqode auth info
# To use local storage key, unset env var
unset ANTHROPIC_API_KEY
Permission Denied on Auth File¶
Clear All Local Keys¶
Related Commands¶
superqode providers list- List available providerssuperqode providers test- Test provider connectionsuperqode agents show- Show agent authentication infosuperqode roles check- Check role readiness (includes auth check)
Next Steps¶
- Provider Commands - Provider management
- Agents Commands - Agent management
- Configuration - Config file structure