Auth and profiles

Environment variable for scripts

Set AGENT_CENTRAL_API_KEY to an ac_live_ key from the dashboard. This is the best default for cron, CI, and containers because each run receives its key directly from the job environment.

export AGENT_CENTRAL_API_KEY="ac_live_..."
agentcentral account info
agentcentral tools list --format table

AGENTCENTRAL_API_KEY still works for older scripts, but use AGENT_CENTRAL_API_KEY for new setup.

Stored login for local use

auth login reads the key from a prompt or stdin. It never accepts the key as a flag value, so the secret does not appear in shell history or process listings.

agentcentral auth login      # paste the key at the prompt, or pipe it through stdin
agentcentral auth status
agentcentral auth logout

When the OS keychain is available, the CLI uses it for the stored key. Otherwise it falls back to a locked-down config file and refuses to read that file if it is group- or world-readable.

Profiles for multiple accounts or marketplaces

Use named profiles when you work across more than one account, brand, or marketplace. Each profile stores one API key. Pass the profile name on commands that should never depend on your current shell state.

agentcentral profiles add levain-us   # reads the key from a prompt or stdin
agentcentral profiles list
agentcentral profiles use levain-us
agentcentral account info --profile levain-us

# cron: pass --profile or use the env var, never a mutable default
agentcentral tools call get_inventory_health --profile levain-us --format json --no-color

Which key the CLI uses

When more than one source is present, the first match wins:

If --profile and AGENT_CENTRAL_API_KEY are both present, the CLI prints a warning so you can catch a wrong-account run before it matters.

Confirm before a write

Use account info or doctor before write workflows. Check the account, marketplace, enabled domains, and whether the key allows writes.

agentcentral account info --format table