login

Use the login command to log in a user or host to Conjur.

Usage

conjur [global options] login [options] [args]

You can add the login credentials in the arguments of the login command. If these are not provided, when the login command runs the user/host is prompted to enter required login credentials.

These credentials are saved to the operating system's credential store, or to the netrc) file if there is no credential store. For more information, see Credential store.

Global options

Option	Description
-d, --debug	Enable debugging output.

Options

Option	Description
-i VALUE, --id VALUE	(Optional) A login name to log in to Conjur. For a host, the login name should be `host/<full host path>`. If the login name contains special characters that might interfere with your terminal, surround it with single quotes, for example, `-i 'alice@example.com'` If you do not provide a login name, Conjur prompts for one.
-p VALUE, --password VALUE	(Optional) A password or API key for the specified login name. The password is stored in the shell's history together with the rest of the data from the CLI call. It is strongly recommended to clean this sensitive data from the history at the end of the session. If the password/API key contains special characters that might interfere with your terminal, surround it with single quotes, for example, `-p 'Myp@ssw0rd!'` If you do not provide a password/API key, Conjur prompts for one
-h, --help	Display the help screen.

Option

Description

-i VALUE, --id VALUE

(Optional) A login name to log in to Conjur.

For a host, the login name should be host/<full host path>.

If the login name contains special characters that might interfere with your terminal, surround it with single quotes, for example, -i 'alice@example.com'
If you do not provide a login name, Conjur prompts for one.

-p VALUE, --password VALUE

(Optional) A password or API key for the specified login name.

The password is stored in the shell's history together with the rest of the data from the CLI call. It is strongly recommended to clean this sensitive data from the history at the end of the session.

If the password/API key contains special characters that might interfere with your terminal, surround it with single quotes, for example, -p 'Myp@ssw0rd!'
If you do not provide a password/API key, Conjur prompts for one

-h, --help

Display the help screen.

Examples

The following command prompts for the user/host's credentials for logging in to Conjur Cloud:

conjur login

The following command prompts for the admin user's password:

conjur login -i admin

The following command logs the admin user in without prompting for any credentials:

conjur login -i admin -p Myp@ssw0rd!

When you log in to the Conjur CLI, your login credentials (username and password) are stored in the system's native credential store by default.

When the supported credential store for your platform is not native on your machine, or is not accessible, the Conjur CLI writes your credentials in plaintext to a config file (netrc) on the machine. In this case, for security purposes we strongly recommend that you log out of the CLI (conjur logout) when you are not using it. Logging out removes the credentials from the netrc file.

In addition, when the -p ( or --password) option is passed, the password is stored in the shell's history together with the rest of the data from the CLI call. We strongly recommend cleaning this sensitive data from the history at the end of the CLI session.