How can I stay permanently signed in with the new CLI? It is quite annoying to sign in again almost every day via CLI.
Running commands with the account log in is meant to be a safe way to give you access to all of the databases your login has access to. That means, among other things, that you can commit a config file to version control containing the database paths and other arguments in a config file so devs can log in, access databases they have access to, but not others (we are in the process of implementing finer-grain database access that, once released, I think will make this clearer). That’s not the kind of access key we want folks to have indefinitely. We also don’t want unused keys to exist forever and accumulate over time.
To avoid logging in, provide the --secret argument instead of relying on the account login (--user option). Does that sound like it will work for you?
You can add a secret to a profile in a config file and use that (just don’t commit it to version control!).
Setting up a global config
Here’s what I’ve done on my machine. It helps a lot with day-to-day stuff.
The CLI will use a config file and profile defined in the FAUNA_CONFIG and FAUNA_PROFILE env variables if defined, so I have configured a global config file that is available everywhere.
~ ❯ echo $FAUNA_CONFIG
/Users/ptpaterson/.fauna/fauna.config.yaml
~ ❯ echo $FAUNA_PROFILE
none
~ ❯ cat ~/.fauna/fauna.config.yaml
# an empty one to set globally
none: {}
default:
user: default
test-db:
secret: fnAF********7Dp5
Demo:
secret: fnAF********31Vm
# ... other profiles
where I set the env vars in my ZSH config
# Fauna CLI
export FAUNA_CONFIG="/Users/ptpaterson/.fauna/fauna.config.yaml"
export FAUNA_PROFILE=none
Then you can use the CLI from any directory using those global profiles
fauna query -p test-db 'foo'
You can access child databases using a secret too. So if you had keys to your root RG databases, then you could, for example, provide a config like this
# RG Roots
us:
secret: US_SECRET
eu:
secret: EU_SECRET
global:
secret: GLOBAL_SECRET
and query any database you need
fauna query -p us -d some/child/db/path 'foo'
Caveats
Do NOT save any secrets in config files that are committed to any repositories.
If you are using commands that rely on picking up the default config files, the env vars will take precedence. You may need to clear the env vars to run commands (FAUNA_CONFIG= FAUNA_PROFILE= my-script), or you can make sure that the CLI commands provide an explicit --config and --profile options.