login

Authenticate with the ProductifyFW Manager.

Synopsis

pfy login --server <url> --token <token>

Description

The login command authenticates your CLI with a ProductifyFW Manager instance by storing your server URL and Personal Access Token (PAT) in the configuration file.

Usage

pfy login --server <url> --token <token>

Flags

Flag	Aliases	Required	Description
--server		Yes	ProductifyFW Manager URL (http(s)😕/host:port)
--token	--pat	Yes	Personal Access Token for authentication

Examples

Basic Login

pfy login \
  --server https://manager.example.com \
  --token your-personal-access-token

Output:

Successfully logged in to ProductifyFW manager at: https://manager.example.com
Configuration saved to ~/.pfy/config.yaml

Using PAT Alias

pfy login \
  --server https://manager.example.com \
  --pat your-personal-access-token

Verbose Login

pfy --verbose login \
  --server https://manager.example.com \
  --token your-personal-access-token

Output:

Saving configuration...
  Server: https://manager.example.com
  Token: your-perso...
Successfully logged in to ProductifyFW manager at: https://manager.example.com
Configuration saved to ~/.pfy/config.yaml

Configuration File

The login command creates or updates ~/.pfy/config.yaml:

manager_url: https://manager.example.com
token: your-personal-access-token

File Location

• Default: ~/.pfy/config.yaml
• Permissions: Automatically set to 0600 (read/write for owner only)

Manual Configuration

You can also manually create the configuration file:

mkdir -p ~/.pfy
cat > ~/.pfy/config.yaml <<EOF
manager_url: https://manager.example.com
token: your-personal-access-token
EOF
chmod 600 ~/.pfy/config.yaml

Personal Access Token

Creating a PAT

1. Log in to the ProductifyFW Manager web interface
2. Navigate to Settings → Personal Access Tokens
3. Click Create Token
4. Provide a descriptive name (e.g., "CLI Access - Dev Machine")
5. Select appropriate permissions/scopes
6. Copy the token immediately (it won't be shown again)

Token Scopes

Typical required scopes for CLI operations:

• projects:read - List and view projects
• projects:write - Create and modify projects
• tenants:read - List and view tenants
• tenants:write - Create and modify tenants
• applications:read - List and view applications
• applications:write - Create and modify applications
• modules:read - View modules
• modules:write - Manage modules
• deploy:execute - Deploy applications

Token Security

Best Practices:

• Store tokens securely
• Use separate tokens for different machines/contexts
• Rotate tokens regularly
• Revoke tokens when no longer needed
• Never commit tokens to version control

Multiple Environments

Development and Production

Manage multiple Manager instances:

# Login to development
pfy login \
  --server https://dev.manager.example.com \
  --token dev-token

# Later, override for production commands
pfy --manager https://prod.manager.example.com \
    --token prod-token \
    project list

Environment-Specific Configs

Create separate config files:

# Development config
cat > ~/.pfy/config.dev.yaml <<EOF
manager_url: https://dev.manager.example.com
token: dev-token
EOF

# Production config
cat > ~/.pfy/config.prod.yaml <<EOF
manager_url: https://prod.manager.example.com
token: prod-token
EOF

# Use specific config
pfy --config ~/.pfy/config.prod.yaml project list

Authentication Flow

┌─────────────┐
│  pfy login  │
└──────┬──────┘
       │
       ▼
┌──────────────────────────┐
│ Validate server URL      │
│ Validate token format    │
└──────┬───────────────────┘
       │
       ▼
┌──────────────────────────┐
│ Create ~/.pfy/ directory │
│ Write config.yaml        │
│ Set file permissions     │
└──────┬───────────────────┘
       │
       ▼
┌──────────────────────────┐
│ Success confirmation     │
└──────────────────────────┘

Verification

Test Authentication

After login, verify authentication works:

# List projects (requires authentication)
pfy project list

If successful, authentication is working correctly.

View Current Configuration

cat ~/.pfy/config.yaml

Switching Accounts

Different User

# Login as different user
pfy login \
  --server https://manager.example.com \
  --token new-user-token

This overwrites the previous configuration.

Backup Configuration

Before switching:

# Backup current config
cp ~/.pfy/config.yaml ~/.pfy/config.yaml.backup

# Login with new credentials
pfy login --server <url> --token <token>

# Restore if needed
cp ~/.pfy/config.yaml.backup ~/.pfy/config.yaml

Logout

To logout, simply remove the configuration:

rm ~/.pfy/config.yaml

Or rename it:

mv ~/.pfy/config.yaml ~/.pfy/config.yaml.disabled

CI/CD Authentication

Using Environment Variables

In CI/CD pipelines, use environment variables instead of login:

# Set environment variables
export PFY_MANAGER_URL="https://manager.example.com"
export PFY_MANAGER_TOKEN="${CI_PFY_TOKEN}"

# Commands now authenticate automatically
pfy project list
pfy application list --tenant my-tenant

GitHub Actions

- name: Authenticate
  run: |
    pfy login \
      --server ${{ secrets.PFY_MANAGER_URL }} \
      --token ${{ secrets.PFY_MANAGER_TOKEN }}

- name: List applications
  run: pfy application list --tenant production

Or use environment variables directly:

- name: Promote application
  run: pfy application promote --application-id $APP_ID --target-tenant-id $PROD_TENANT
  env:
    PFY_MANAGER_URL: ${{ secrets.PFY_MANAGER_URL }}
    PFY_MANAGER_TOKEN: ${{ secrets.PFY_MANAGER_TOKEN }}

GitLab CI

promote:
  script:
    - pfy application promote --application-id $APP_ID --target-tenant-id $PROD_TENANT
  variables:
    PFY_MANAGER_URL: $PFY_MANAGER_URL
    PFY_MANAGER_TOKEN: $PFY_MANAGER_TOKEN

Troubleshooting

Authentication Failed

If commands fail with authentication errors:

1. Verify token is valid:

   • Check token hasn't expired
   • Verify token in Manager UI
   • Ensure correct permissions

2. Check server URL:

   • Verify URL is accessible
   • Include protocol (https://)
   • Check for typos

3. Re-login:

   pfy login --server <url> --token <new-token>

Connection Refused

If the Manager is unreachable:

# Test connectivity
curl https://manager.example.com/health

# Check TLS certificate (if issues)
pfy --insecure-skip-tls-verify login \
  --server https://manager.example.com \
  --token <token>

Permission Denied

If config file can't be written:

# Check directory permissions
ls -la ~/.pfy/

# Create directory if missing
mkdir -p ~/.pfy
chmod 700 ~/.pfy

# Retry login
pfy login --server <url> --token <token>

Token Not Found

If configuration is missing:

# Check if config exists
cat ~/.pfy/config.yaml

# Re-run login
pfy login --server <url> --token <token>

Security Considerations

Token Storage

• Tokens stored in plaintext in ~/.pfy/config.yaml
• File permissions restrict access to owner only
• Consider using OS keychain for enhanced security (future enhancement)

Network Security

• Always use HTTPS for production
• Avoid --insecure-skip-tls-verify in production
• Verify TLS certificates

Access Control

• Use least-privilege tokens
• Separate tokens for dev/prod
• Regular token rotation
• Audit token usage

See Also

• Configuration - Configuration details
• Quick Start - Getting started guide
• project - Manage projects