Authentication

Give the OnMCU CLI an API key through the OS keyring or an environment variable.

Create an API key in OnMCU Settings. Store it in your OS keyring for local use, or pass it through ONMCU_API_KEY in CI.

Interactive use: OS keyring

Run the one-time login command and paste the API key when prompted:

onmcu login

The credential is stored under the onmcu-cli service in the operating system keyring. The CLI does not write the key to its TOML configuration file.

To replace an existing credential:

onmcu login --relogin

Automation: environment variable

Headless systems and CI jobs can avoid the keyring:

export ONMCU_API_KEY='your-api-key'
onmcu list-boards --api-key-from-env
onmcu run --api-key-from-env --board NUCLEO-H743ZI --file firmware.elf

You must pass --api-key-from-env. Setting ONMCU_API_KEY alone does not make the CLI use it.

Keep API keys secret

Store ONMCU_API_KEY in your CI provider's secret store. Do not commit it to a repository, a Cargo configuration, or an OnMCU TOML configuration file.

Linux keyring requirements

On Linux, the CLI uses the Secret Service API. You need:

  • a running D-Bus session; and
  • a Secret Service provider such as GNOME Keyring, KWallet, or KeePassXC.

Desktop environments usually provide both. On a headless server, either start an appropriate keyring service or use ONMCU_API_KEY with --api-key-from-env.

Authentication errors

A bad or missing key returns exit code 4. A valid account without permission returns 14. See CLI exit codes.

On this page