Authentication enables infrastructure access without the need for static secrets, keys or shared passwords. Instead, users log in with an authentication method, and short-lived credentials are distributed to users automatically.
Users authenticate by downloading the Infra CLI and then log in via their terminal:
infra login prompts users to log in via different authentication methods. For authentication methods that require a browser, Infra will direct users to a login page in their browser:
After logging in, Infra automatically updates local configuration files with the required short-lived credentials for access.
Users may log in to Infra using a web browser or via the CLI.
<org>.infrahq.com/login in a web browser.
Access Keys are a built-in authentication method. To log in using an access key, set the
INFRA_ACCESS_KEY environment variables:
export INFRA_SERVER=<org>.infrahq.com export INFRA_ACCESS_KEY=<xxxxxxxxxxxx.yyyyyyyyyyyyyyyyyyyyyyyyyyy>
Access keys can be created by logging in to the Infra dashboard and clicking Settings.
In order for a user to log into your organization using Google they must either have been manually added as a user by an administrator or have a Google account with an email that matches the organization's allowed domains. Allowed email domains can be configured in "settings > authentication".
Note: When users log in using Google they will not have access to any infrastructure by default. They must be directly granted access by an administrator.
Custom Identity Providers
Infra supports logging in using custom identity providers such as your own Google Workspace client and Okta. To configure a custom identity provider, refer to the individual guides for each provider below:
After configuring an identity provider, users will be able to authenticate with it when running