LinuxCommandLibrary

pulumi-logout

Log out of Pulumi service

TLDR

Log out of a specific cloud backend

$ pulumi logout [url]
copy

Log out of all backends simultaneously
$ pulumi logout --all
copy

Log out of using local mode
$ pulumi logout [[-l|--local]]
copy

Display help
$ pulumi logout [[-h|--help]]
copy

SYNOPSIS

pulumi logout [] [options]

PARAMETERS

[]
    Optional. Specifies the URL of the Pulumi backend to log out from. If omitted, the command attempts to log out from the currently active backend.

-h, --help
    Displays help information for the logout command.

--all
    Logs out from all configured Pulumi backends, removing all cached credentials.

-f, --force
    Forces the logout operation to proceed even if the command is not currently logged into the specified or current backend. This prevents an error from being returned in such cases.

--non-interactive
    Disables interactive prompts during the logout process. This is useful for scripting or automated environments.

--cloud-url
    Deprecated. Use the direct URL argument instead. Specifies a different Pulumi Cloud URL to log out from.

DESCRIPTION

The pulumi logout command is used to terminate an authenticated session with a Pulumi backend. This backend can be the managed Pulumi Cloud (api.pulumi.com) or a self-hosted alternative such as a Git repository, Amazon S3 bucket, Azure Blob Storage, or Google Cloud Storage. Executing this command removes the locally cached access tokens and session credentials, effectively logging the user out.

When invoked without any arguments, pulumi logout attempts to log out from the currently active backend, which is typically the one the user last logged into or specified for a project. To log out from a specific backend URL, the URL can be provided as an argument. Alternatively, the --all option allows users to log out from all configured backends simultaneously, removing all stored credentials. This command is crucial for security, enabling users to clear their session information from a machine, particularly before leaving a shared or public environment. It ensures that subsequent Pulumi CLI operations will require re-authentication.

CAVEATS

  • If no URL is provided, pulumi logout targets the currently active backend, which might not be the one you intend if you have multiple backends configured.
  • The --cloud-url option is deprecated and its use is discouraged in favor of passing the backend URL directly as an argument.
  • Logging out using pulumi logout --all will remove all locally stored Pulumi access tokens, requiring re-authentication for any Pulumi backend you wish to interact with later.
  • This command only removes credentials stored locally by the Pulumi CLI; it does not invalidate any tokens on the Pulumi backend service itself (e.g., if you generated an API token directly).

SECURITY IMPLICATIONS

Logging out is a critical security practice, especially when using shared machines or public terminals. It ensures that your Pulumi Cloud credentials are not left exposed after use.

CREDENTIAL STORAGE

Pulumi typically stores credentials in a secure location on the user's local machine (e.g., the ~/.pulumi directory on Linux/macOS, or %USERPROFILE%/.pulumi on Windows). The pulumi logout command cleans up these specific credential files.

HISTORY

The pulumi CLI and its core commands like login and logout have been fundamental since the early public releases of Pulumi, starting around 2018. They were designed to provide a secure and manageable way for users to interact with the Pulumi Cloud and other state backends. As Pulumi evolved to support various self-hosted backend options (S3, Azure Blob, GCS, Git), the logout command was adapted to accommodate these diverse environments, allowing users to disconnect from any configured backend. The deprecation of --cloud-url in favor of a direct URL argument reflects an effort to unify and simplify the command's interface for all backend types.

SEE ALSO

pulumi login, pulumi whoami, pulumi stack ls, pulumi backend

Copied to clipboard