Cloud Credentials
Cloud API authentication credentials, token management, and login workflow.
On this page
Cloud credentials authenticate your CLI and API requests to SystemPrompt Cloud. They're stored in .systemprompt/credentials.json and expire 24 hours after login.
How It Works
When you run just login, SystemPrompt opens your browser for OAuth authentication. After successful login, credentials are saved locally.
just login
│
└── Opens browser for GitHub/Google OAuth
│
└── Saves credentials.json
│
└── Valid for 24 hours
credentials.json Structure
{
"api_token": "sp_live_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"api_url": "https://api.systemprompt.io",
"authenticated_at": "2026-02-01T10:00:00Z",
"user_email": "user@example.com"
}
| Field | Description |
|---|---|
api_token |
JWT token for API authentication |
api_url |
Cloud API endpoint |
authenticated_at |
Login timestamp |
user_email |
User's email address |
Token Expiration
Tokens expire 24 hours after authenticated_at. When expired:
- CLI commands return authentication errors
- Run
just loginto re-authenticate - New credentials.json is created
Profile Configuration
Reference credentials in your profile:
# .systemprompt/profiles/local/profile.yaml
cloud:
credentials_path: "../../credentials.json"
tenants_path: "../../tenants.json"
Container Deployment
In Fly.io containers, credentials load from environment variables:
| Environment Variable | Description |
|---|---|
SYSTEMPROMPT_API_TOKEN |
API token (required) |
SYSTEMPROMPT_USER_EMAIL |
User email (required) |
SYSTEMPROMPT_API_URL |
API endpoint (optional) |
Commands
| Task | Command |
|---|---|
| Login | just login |
| Check auth | systemprompt cloud auth whoami |
| Logout | just logout |
Security
- Never commit credentials.json to git
- File should have
0600permissions (owner read/write only) - Tokens can be revoked by contacting support
See the Cloud Credentials Playbook for detailed technical information.