Skip to main content
A profile pairs non-secret workspace metadata with a user-local OAuth grant or API key. A repository stores only the profile selector and expected workspace identity.

Authenticate a profile

Interactive login opens a browser:
Sign in or sign up, choose a workspace, and approve the requested scopes. For a noninteractive environment, use an API key from an environment variable or stdin. Never put the key value in an argument:

Selection order

The CLI selects exactly one profile in this order:
  1. The global --profile <name> option.
  2. The repository’s .gleanfeed.json profile.
  3. The active user profile selected by gleanfeed profile switch <name>.
The saved credential still determines the workspace on the server. If the repository’s expected workspace ID differs from the selected profile, the CLI fails instead of silently switching the binding.

Initialize a repository

Run from any directory inside the Git repository:
The CLI finds the Git root and writes schema version 1:
.gleanfeed.json
Only version, profile, and workspaceId are required. defaultBoard, portalUrl, and appUrl are optional non-secret conveniences. Repository config cannot set an API endpoint, credential, user data, or absolute machine path. The CLI does not modify .gitignore. Review the file, then deliberately commit it when collaborators should share the workspace selector.

Inspect and update supported fields

version and workspaceId are derived and read-only. Setting profile refreshes the expected workspace ID from that authenticated local profile. Re-running init preserves supported values that were not replaced on the command line.

Where credentials live

Profile metadata and credentials live in the current user’s application config directory, separate from the repository. On macOS and Linux, the directory is owner-only (0700) and both files are owner-readable/writable (0600). Windows uses the current user’s application-data ACLs. Writes use same-directory temporary files and atomic renames. Set GLEAN_FEED_CONFIG_DIR only for an isolated test or automation root. Do not commit that directory.

Remove access

For OAuth profiles, logout attempts remote revocation and always removes the local profile and tokens. For API-key profiles, revoke the key separately in Settings → API Keys so any other copy stops working. Remove .gleanfeed.json when the repository should no longer select the workspace. See CLI security for scope, rotation, and telemetry details.