Authentication

MemNexus uses API keys for authentication. Keys follow the format cmk_live_<id>.<secret> and are passed as Bearer tokens.

Logging in

mx auth login --interactive

This masks your input so the key isn't visible in your terminal history.

mx auth login --api-key cmk_live_xxx.yyy

The key is stored in your local config file.

mx auth status

This shows your authentication state, API URL, and output format.

mx auth logout

This removes your stored credentials.

mx apikeys list

Shows key metadata (ID, label, creation date). Actual key secrets are never displayed.

mx apikeys create --label "My CLI Key"

The full key is shown only once during creation. Save it immediately.

To create a key with an expiration:

mx apikeys create --label "Temporary Key" --expires-at "2026-12-31T23:59:59Z"

mx apikeys delete key_abc123

Add --force to skip the confirmation prompt.

For CI/CD pipelines and automation, use environment variables instead of the config file:

export MX_API_KEY="cmk_live_xxx.yyy"

Environment variables take precedence over config file values.

API key secrets are only shown once during creation. Save them immediately in a secure location like a password manager or secrets vault.

Never commit API keys to version control
Use separate keys for different environments (dev, staging, production)
Set expirations on temporary keys
Use environment variables in CI/CD, not config files
Rotate keys periodically — create a new key, update your systems, then delete the old one