Skip to main content
Create or join a Libretto Cloud organization, store a local session, and issue API keys for cloud runs.
This page is about authenticating the CLI and API client to Libretto Cloud. For signing your workflows into target websites, see Website authentication.

Before you start

The examples below assume Libretto is installed in your project and runnable with npx libretto.

Create a new user account and organization

Use auth signup when you are creating a brand new Libretto Cloud organization: 
npx libretto cloud auth signup
The CLI prompts for your name, email, password, organization name, organization slug, and the alert email that Libretto Cloud should use for workflow failure notifications. After the account is created, it waits for email verification and stores the session locally in ~/.libretto/auth.json.
A Libretto user can only belong to one organization at a time. If your team already has an organization, use an invite instead of creating a second account.
If the organization slug is already taken, the CLI re-prompts for just the slug and keeps the rest of your signup input.

Log in to an existing account

Use auth login when the account already exists: 
npx libretto cloud auth login
This stores a new Libretto Cloud session in ~/.libretto/auth.json. If the account is not verified yet, the CLI re-sends the verification email.

Reset a forgotten password

Use auth forgot-password to request a password reset email: 
npx libretto cloud auth forgot-password
After you choose a new password from the reset link, run auth login again to save a fresh local session. To clear local credentials: 
npx libretto cloud auth logout

Check the active identity

Use auth whoami to confirm which Libretto Cloud account the CLI is using: 
npx libretto cloud auth whoami
If LIBRETTO_API_KEY is set, the CLI prefers that key over the stored session cookie.

Invite a teammate

Use auth invite from an account that can manage members in the active organization: 
npx libretto cloud auth invite teammate@example.com --role member
The command sends an invitation email to the teammate and prints the invitation id and organization slug that they need for auth accept-invite.

Accept an invite

Use auth accept-invite when you are joining an existing organization: 
npx libretto cloud auth accept-invite <tenant-slug> <invitation-id>
If you are not logged in yet, the CLI creates the account first, waits for email verification, and then saves the hosted session locally. If you are already logged in, auth accept-invite only works when that account is not already a member of another organization.

Issue an API key

Use API keys for project .env files, CI, or other non-interactive Libretto Cloud runs: 
npx libretto cloud auth api-key issue --label laptop-dev
The command prints the raw key once. The CLI does not store that key on disk for you. Add it to your project .env file: 
LIBRETTO_API_KEY=<issued-key>
To inspect existing keys: 
npx libretto cloud auth api-key list
To revoke a key: 
npx libretto cloud auth api-key revoke <key-id>

Troubleshooting

  • If signup fails because the email already exists, log in to that account or delete the existing Libretto Cloud account before retrying.
  • If an invite fails for a logged-in user, make sure that user is not already a member of another Libretto organization.

Deployments

Deploy workflows to Libretto Cloud and investigate cloud runs.

Billing

Open the plans page and manage your subscription.