kubekanvas login
Authenticate with KubeKanvas using a secure browser-based authentication flow. This is typically the first command you run after installing the CLI.
Usage
kubekanvas loginHow It Works
- The CLI initiates an authentication request with the KubeKanvas server
- A verification URL and a one-time user code are displayed in your terminal
- Open the URL in any browser and enter the code
- Complete authentication in the browser ā this supports SSO, multi-factor authentication, and any identity provider configured in your organization
- The CLI receives an access token upon successful authentication
- The token is stored securely in your operating system keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service)
- A unique connection ID is generated and saved to
~/.kubekanvas/config.json
Example Output
$ kubekanvas login
š To authenticate, visit: https://auth.kubekanvas.io/device
Enter code: ABCD-EFGH
ā³ Waiting for authentication...
ā
Successfully logged in!Token Storage
| Platform | Storage Location |
|---|---|
| macOS | Keychain Access (login keychain) |
| Windows | Windows Credential Manager |
| Linux | Secret Service API (GNOME Keyring / KWallet) |
Why device flow? The browser-based authentication flow is designed for CLI applications. Credentials are never typed into the terminal. Authentication happens in your browser where your password manager, SSO provider, and multi-factor authentication all work normally.
Configuration File
After logging in, the CLI creates ~/.kubekanvas/config.json with your connection identity. This file is used to route deployment commands to the correct CLI instance when you run kubekanvas connect.
Next: Configure your Kubernetes clusters to register them with KubeKanvas.