Authentication

Translation lookups (resolve, translate, config-paths, migrate, inventory --resolve, readiness) authenticate to the Vrtmv API with a per-account bearer token. Local-only commands (assess, drift) need no account.

Storing a token

vrtmv auth <token>

This writes the token to a credentials file with owner-only permissions. Show the current status, or clear it:

vrtmv auth            # show masked token + stored URL
vrtmv auth --clear    # remove stored credentials

To point at a non-default API endpoint, store a URL alongside the token:

vrtmv auth <token> --url https://api.vrtmv.com

Environment variables

Credentials can also come from the environment, which takes precedence over the stored file:

VariablePurpose
VRTMV_API_KEYBearer token.
VRTMV_API_URLAPI base URL.

Transport security

The API base URL must be https://. The client refuses to send your bearer token over cleartext http:// to a non-loopback host — the token is your licensing credential, and it is attached to every request. A local development server on localhost/loopback is allowed over http://, and an explicit VRTMV_ALLOW_INSECURE=1 overrides the check with a warning.

Managing tokens & usage

An account can hold multiple tokens, and each token's usage is metered against the account. See Accounts, quota & billing.