Layers
Layers CLI

Authentication

Sign in, sign out, and inspect your Layers identity from the terminal.

View as Markdown

Sign in

layers login

Opens your browser, runs an OAuth authorization code flow with PKCE against the Layers auth server, and stores the resulting tokens locally. If you already have exactly one organization and one project, they are auto-selected as your defaults.

Force re-authentication to switch accounts:

layers login --force

Who am I?

layers whoami

Shows the currently-authenticated user.

Sign out

layers logout

Removes the local credentials.

Credential storage

Credentials are stored in your OS keychain when available, otherwise in an encrypted file under ~/.config/layers/. Tokens are refreshed automatically on the next CLI call.

Troubleshooting

  • Browser did not open. The login flow prints the authorization URL — copy it into a browser manually.
  • Port conflict. layers login listens on a local port for the OAuth callback. If the default port is busy, close whatever is using it and re-run.
  • Linux keychain errors. Install gnome-keyring or kwallet; the CLI falls back to an encrypted file store if neither is present.

On this page

Sign inWho am I?Sign outCredential storageTroubleshooting