CLI Authentication
The ARM CLI supports multiple authentication methods including OAuth providers.
Interactive Login (Recommended)
arm login
This presents an interactive menu:
? Choose login method:
❯ Email & Password
Google
GitHub
Microsoft
Email & Password
arm login -e your@email.com -p yourpassword
Or interactively:
arm login
# Select "Email & Password"
# Enter your credentials
OAuth Login
Google
arm login --provider google
GitHub
arm login --provider github
Microsoft
arm login --provider microsoft
How OAuth Works
- CLI generates a unique device code
- Opens your browser to the authentication page
- You authenticate with your OAuth provider
- CLI receives the token automatically
- Credentials are stored securely in
~/.armrc
Check Login Status
arm whoami
Output:
Logged in as: john@example.com
User ID: 507f1f77bcf86cd799439011
Plan: Team
Logout
arm logout
This clears stored credentials from ~/.armrc.
Token Management
View Current Token
arm config get token
Use Environment Variable
export ARM_TOKEN=your-jwt-token
arm tunnel 3000
Token Expiration
Tokens expire after 7 days. The CLI will prompt you to re-authenticate when needed.
Headless/CI Authentication
For CI/CD pipelines, use environment variables:
# In your CI config
export ARM_TOKEN=${{ secrets.ARM_TOKEN }}
# Run commands
arm tunnel 3000 --subdomain ci-preview
Generating a Long-Lived Token
- Login via the web dashboard at https://tunnelapi.in
- Go to Settings → API Tokens
- Generate a new token
- Use in CI/CD
Troubleshooting
"Authentication required" Error
# Re-authenticate
arm logout
arm login
OAuth Browser Doesn't Open
# Manual OAuth flow
arm login --provider google --no-browser
# Copy the URL and open manually
Token Invalid
# Clear and re-login
rm ~/.armrc
arm login
Security Best Practices
- Never commit tokens - Use environment variables in CI
- Rotate tokens regularly - Generate new tokens periodically
- Use OAuth - More secure than password authentication
- Logout on shared machines - Always run
arm logout