ibmcloud-login
Log in to IBM Cloud
TLDR
Log in by using an interactive prompt
Log in to a specific API endpoint (default is cloud.ibm.com)
Log in by providing username, password and the targeted region as parameters
Log in with an API key, passing it as an argument
Log in with an API key, passing it as a file
Log in with a federated ID (single sign-on)
SYNOPSIS
ibmcloud login [--apikey API_KEY | -u API_KEY] [--sso] [--origin IDENTITY_PROVIDER] [--sso-url SSO_URL] [--profile PROFILE_NAME] [--client-id CLIENT_ID] [--api API_ENDPOINT | -a API_ENDPOINT] [--region REGION | -r REGION] [--account ACCOUNT_ID] [--resource-group RESOURCE_GROUP | -g RESOURCE_GROUP] [--no-all-account-commands] [--skip-ssl-validation] [-h | --help]
PARAMETERS
--apikey API_KEY | -u API_KEY
Authenticates using a provided IBM Cloud API key. Ideal for automation.
--sso
Initiates a Single Sign-On (SSO) login flow, prompting for a browser-based authentication.
--origin IDENTITY_PROVIDER
Specifies the identity provider for SSO, e.g., ibmid, github.
--sso-url SSO_URL
Specifies a custom SSO URL, typically used for private or custom identity configurations.
--profile PROFILE_NAME
Uses a named authentication profile from your IBM Cloud CLI configuration.
--client-id CLIENT_ID
Specifies the client ID for OAuth flows, typically used in advanced scenarios.
--api API_ENDPOINT | -a API_ENDPOINT
Specifies the IBM Cloud API endpoint URL to connect to, e.g., https://cloud.ibm.com.
--region REGION | -r REGION
Targets a specific IBM Cloud region after successful login (e.g., us-south).
--account ACCOUNT_ID
Targets a specific account ID if you have access to multiple accounts.
--resource-group RESOURCE_GROUP | -g RESOURCE_GROUP
Targets a specific resource group after successful login.
--no-all-account-commands
Prevents listing commands that apply to all accounts, streamlining command output.
--skip-ssl-validation
Skips SSL certificate validation. Use with extreme caution and only in non-production environments.
-h | --help
Displays help information for the login command.
DESCRIPTION
The `ibmcloud login` command is the primary method for authenticating the IBM Cloud Command Line Interface (CLI) session. It establishes a secure connection to the IBM Cloud environment, allowing users to interact with and manage their resources. Upon successful login, the CLI stores an authentication token, enabling subsequent commands to be executed without requiring re-authentication until the token expires. This command supports various authentication methods, including interactive login with a username and password, API key-based authentication for automation, and single sign-on (SSO) for enterprise environments. It's crucial for setting up the context for all subsequent IBM Cloud CLI operations.
CAVEATS
The literal command name for logging into IBM Cloud is ibmcloud login (with a space), not ibmcloud-login (with a hyphen). If ibmcloud-login is used, it likely refers to a custom script or alias.
Using --skip-ssl-validation is highly discouraged in production environments due to significant security risks.
Storing API keys directly in scripts or command history is not recommended. Consider using environment variables, secure vaults, or IBM Cloud CLI profiles for better security practices.
Authentication tokens obtained via login have an expiration period, after which re-authentication is required.
DEFAULT API ENDPOINT
The default API endpoint for IBM Cloud is https://cloud.ibm.com. If you are operating in a private cloud environment or a specialized deployment, you may need to explicitly specify the correct endpoint using the --api option.
ENVIRONMENT VARIABLE CONFIGURATION
Many login parameters can be configured using environment variables, which can be useful for scripting and automation without exposing sensitive information directly on the command line. Examples include IC_API_KEY, IC_API_ENDPOINT, and IC_REGION.
POST-LOGIN TARGETING
After successfully logging in, it's often necessary to set your target account, region, resource group, or Cloud Foundry organization/space using the ibmcloud target command. This ensures that subsequent CLI commands operate within the correct context.
HISTORY
The ibmcloud CLI has evolved significantly since its inception, succeeding older CLIs like the bluemix (bx) CLI. The ibmcloud login command has been the cornerstone of user authentication since its introduction, providing a unified and consistent way to access IBM Cloud resources. Over time, new authentication methods like API key support, enhanced SSO options, and profile management have been integrated to accommodate diverse user needs and automation requirements, continuously improving security and usability.
SEE ALSO
ibmcloud logout(1), ibmcloud target(1), ibmcloud account(1), ibmcloud iam(1), ibmcloud config(1)