Authentication
Give the OnMCU CLI an API key through the OS keyring or an environment variable.
Create an API key in OnMCU Settings. Store it in your OS keyring for local use, or pass it through ONMCU_API_KEY in CI.
Interactive use: OS keyring
Run the one-time login command and paste the API key when prompted:
onmcu loginThe credential is stored under the onmcu-cli service in the operating system keyring. The CLI does not write the key to its TOML configuration file.
To replace an existing credential:
onmcu login --reloginAutomation: environment variable
Headless systems and CI jobs can avoid the keyring:
export ONMCU_API_KEY='your-api-key'
onmcu list-boards --api-key-from-env
onmcu run --api-key-from-env --board NUCLEO-H743ZI --file firmware.elfYou must pass --api-key-from-env. Setting ONMCU_API_KEY alone does not make the CLI use it.
Keep API keys secret
Store ONMCU_API_KEY in your CI provider's secret store. Do not commit it to a repository, a Cargo configuration, or an OnMCU TOML configuration file.
Linux keyring requirements
On Linux, the CLI uses the Secret Service API. You need:
- a running D-Bus session; and
- a Secret Service provider such as GNOME Keyring, KWallet, or KeePassXC.
Desktop environments usually provide both. On a headless server, either start an appropriate keyring service or use ONMCU_API_KEY with --api-key-from-env.
Authentication errors
A bad or missing key returns exit code 4. A valid account without permission returns 14. See CLI exit codes.