ibmcloud-login

Log in by using an interactive prompt

$ ibmcloud login

$ ibmcloud login -a [api_endpoint]

$ ibmcloud login -u [username] -p [password] -r [us-south]

$ ibmcloud login --apikey [api_key_string]

$ ibmcloud login --apikey @[path/to/api_key_file]

$ ibmcloud login --sso

ibmcloud login [--apikey API_KEY | -u API_KEY] [--sso] [--origin IDENTITY_PROVIDER] [--sso-url SSO_URL] [--profile PROFILE_NAME] [--client-id CLIENT_ID] [--api API_ENDPOINT | -a API_ENDPOINT] [--region REGION | -r REGION] [--account ACCOUNT_ID] [--resource-group RESOURCE_GROUP | -g RESOURCE_GROUP] [--no-all-account-commands] [--skip-ssl-validation] [-h | --help]

--apikey API_KEY | -u API_KEY
    Authenticates using a provided IBM Cloud API key. Ideal for automation.

--sso
    Initiates a Single Sign-On (SSO) login flow, prompting for a browser-based authentication.

--origin IDENTITY_PROVIDER
    Specifies the identity provider for SSO, e.g., ibmid, github.

--sso-url SSO_URL
    Specifies a custom SSO URL, typically used for private or custom identity configurations.

--profile PROFILE_NAME
    Uses a named authentication profile from your IBM Cloud CLI configuration.

--client-id CLIENT_ID
    Specifies the client ID for OAuth flows, typically used in advanced scenarios.

--api API_ENDPOINT | -a API_ENDPOINT
    Specifies the IBM Cloud API endpoint URL to connect to, e.g., https://cloud.ibm.com.

--region REGION | -r REGION
    Targets a specific IBM Cloud region after successful login (e.g., us-south).

--account ACCOUNT_ID
    Targets a specific account ID if you have access to multiple accounts.

--resource-group RESOURCE_GROUP | -g RESOURCE_GROUP
    Targets a specific resource group after successful login.

--no-all-account-commands
    Prevents listing commands that apply to all accounts, streamlining command output.

--skip-ssl-validation
    Skips SSL certificate validation. Use with extreme caution and only in non-production environments.

-h | --help
    Displays help information for the login command.

The `ibmcloud login` command is the primary method for authenticating the IBM Cloud Command Line Interface (CLI) session. It establishes a secure connection to the IBM Cloud environment, allowing users to interact with and manage their resources. Upon successful login, the CLI stores an authentication token, enabling subsequent commands to be executed without requiring re-authentication until the token expires. This command supports various authentication methods, including interactive login with a username and password, API key-based authentication for automation, and single sign-on (SSO) for enterprise environments. It's crucial for setting up the context for all subsequent IBM Cloud CLI operations.

The literal command name for logging into IBM Cloud is ibmcloud login (with a space), not ibmcloud-login (with a hyphen). If ibmcloud-login is used, it likely refers to a custom script or alias.
Using --skip-ssl-validation is highly discouraged in production environments due to significant security risks.
Storing API keys directly in scripts or command history is not recommended. Consider using environment variables, secure vaults, or IBM Cloud CLI profiles for better security practices.
Authentication tokens obtained via login have an expiration period, after which re-authentication is required.

The default API endpoint for IBM Cloud is https://cloud.ibm.com. If you are operating in a private cloud environment or a specialized deployment, you may need to explicitly specify the correct endpoint using the --api option.

Many login parameters can be configured using environment variables, which can be useful for scripting and automation without exposing sensitive information directly on the command line. Examples include IC_API_KEY, IC_API_ENDPOINT, and IC_REGION.

After successfully logging in, it's often necessary to set your target account, region, resource group, or Cloud Foundry organization/space using the ibmcloud target command. This ensures that subsequent CLI commands operate within the correct context.

The ibmcloud CLI has evolved significantly since its inception, succeeding older CLIs like the bluemix (bx) CLI. The ibmcloud login command has been the cornerstone of user authentication since its introduction, providing a unified and consistent way to access IBM Cloud resources. Over time, new authentication methods like API key support, enhanced SSO options, and profile management have been integrated to accommodate diverse user needs and automation requirements, continuously improving security and usability.

ibmcloud logout(1), ibmcloud target(1), ibmcloud account(1), ibmcloud iam(1), ibmcloud config(1)