# Authentication

## Interactive Login

For interactive usage, the CLI opens your browser to authenticate directly with your identity provider:

```bash
nullify auth login --host api.<TENANT>.nullify.ai
```

This will:

1. Open your browser to authenticate with your identity provider (GitHub, Azure, Okta, etc.)
2. Redirect back to the CLI automatically once authenticated
3. Store the credentials locally at `~/.nullify/credentials.json`

## Auth Commands

### Check login status

```bash
nullify auth status
```

### View current token

```bash
nullify auth token
```

### Switch between hosts

```bash
nullify auth switch --host api.<OTHER-TENANT>.nullify.ai
```

### Log out

```bash
nullify auth logout
```

### View configuration

```bash
nullify auth config
```

## CI/CD Usage

For non-interactive environments (CI/CD pipelines, scripts), use token-based authentication:

### Using a Nullify API Token

```bash
nullify --nullify-token <TOKEN> sast list-findings
```

Or set it via an environment variable:

```bash
export NULLIFY_TOKEN=<TOKEN>
nullify sast list-findings
```

### Using a GitHub Token

```bash
nullify --github-token <GITHUB_TOKEN> sast list-findings
```

Or set it via an environment variable:

```bash
export GITHUB_TOKEN=<GITHUB_TOKEN>
nullify sast list-findings
```

## Token Precedence

The CLI resolves authentication in this order:

1. `--nullify-token` flag
2. `NULLIFY_TOKEN` environment variable
3. `--github-token` flag (exchanged for Nullify token)
4. `GITHUB_TOKEN` environment variable (exchanged for Nullify token)
5. Stored credentials from `nullify auth login`

## Credential Storage

Credentials are stored at `~/.nullify/credentials.json` with file permissions `0600` (owner read/write only). The file contains:

* Access token
* Refresh token
* Token expiry time
* Host configuration

Tokens are automatically refreshed when they expire.
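
The following check is an added example, not part of the Nullify CLI or its documentation: it audits the credential file against the path and `0600` mode stated above. The function names, return codes, and the parent-directory check are assumptions made for this example.

```shell
# Added example: audit the Nullify CLI credential file described above.
# Path and expected mode (0600) come from this page; function names are hypothetical.

# Print octal permission bits (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_cred_file [PATH]
# Return codes: 0 ok, 1 missing, 2 symlink or not a regular file,
#               3 not owned by the current user, 4 group/other have access,
#               5 parent directory is writable by group/other.
check_cred_file() {
  cred_path="${1:-$HOME/.nullify/credentials.json}"
  if [ -L "$cred_path" ]; then
    echo "FAIL: $cred_path is a symlink" >&2; return 2
  fi
  if [ ! -e "$cred_path" ]; then
    echo "INFO: $cred_path not found (no stored login)" >&2; return 1
  fi
  if [ ! -f "$cred_path" ]; then
    echo "FAIL: $cred_path is not a regular file" >&2; return 2
  fi
  if [ ! -O "$cred_path" ]; then
    echo "FAIL: $cred_path is owned by another user" >&2; return 3
  fi
  cred_mode=$(file_mode "$cred_path")
  if [ $(( 0$cred_mode & 077 )) -ne 0 ]; then
    echo "FAIL: mode $cred_mode, expected 600 (chmod 600 \"$cred_path\")" >&2
    return 4
  fi
  dir_mode=$(file_mode "$(dirname "$cred_path")")
  if [ $(( 0$dir_mode & 022 )) -ne 0 ]; then
    echo "FAIL: parent directory mode $dir_mode lets others replace the file" >&2
    return 5
  fi
  echo "OK: $cred_path mode $cred_mode"
}
```

Call `check_cred_file` with no argument to audit the default path, or pass a path explicitly when the home directory differs, such as on a shared build host.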


