Authentication, tenants, profiles, secrets, and complete setup flow for cloud operations.
Authentication
{ "command": "cloud auth whoami" }
Login and logout require the terminal:
just login
just logout
Tenant Management
{ "command": "cloud tenant list" }
{ "command": "cloud tenant show" }
{ "command": "cloud tenant show <tenant-id>" }
{ "command": "cloud tenant create --region iad" }
{ "command": "cloud tenant create --name \"My Project\" --region lhr" }
{ "command": "cloud tenant select <tenant-id>" }
{ "command": "cloud tenant rotate-credentials <tenant-id> -y" }
Profile Management
{ "command": "cloud profile list" }
{ "command": "cloud profile show" }
{ "command": "cloud profile show <profile-name>" }
{ "command": "cloud profile create production" }
{ "command": "cloud profile create staging --environment staging" }
{ "command": "cloud profile edit <profile-name>" }
{ "command": "cloud profile delete staging -y" }
Secrets Management
{ "command": "cloud secrets list" }
{ "command": "cloud secrets list --profile <profile-name>" }
{ "command": "cloud secrets set ANTHROPIC_API_KEY sk-ant-xxxxx" }
{ "command": "cloud secrets set DATABASE_URL postgres://..." }
{ "command": "cloud secrets delete OLD_KEY -y" }
Cloud Database
{ "command": "cloud db status" }
{ "command": "cloud db status --profile <profile-name>" }
{ "command": "cloud db query --profile <profile-name> \"SELECT COUNT(*) FROM users\"" }
{ "command": "cloud db query --profile <profile-name> \"SELECT * FROM content LIMIT 5\"" }
{ "command": "cloud db tables --profile <profile-name>" }
Cloud Status & Operations
{ "command": "cloud status" }
{ "command": "cloud restart --yes" }
{ "command": "cloud init" }
{ "command": "cloud dockerfile" }
{ "command": "cloud dockerfile --output Dockerfile" }
Complete Setup Flow
Step 1: Cloud Login
Authenticate with SystemPrompt Cloud using OAuth.
{ "command": "cloud auth login" }
What it does:
- Opens browser for GitHub/Google OAuth
- Saves credentials to
.systemprompt/credentials.json - Displays user info and available subscriptions
Step 2: Tenant Setup
Link this project to a cloud tenant.
{ "command": "cloud tenant create --name my-project --region iad" }
{ "command": "cloud tenant list" }
{ "command": "cloud tenant" }
What it does:
- Lists existing tenants or creates new one
- Configures tenant in credentials file
- Polls for tenant provisioning (1-2 minutes)
Step 3: Profile Configuration
Interactive wizard for complete environment setup.
{ "command": "cloud profile create local" }
{ "command": "cloud profile create production" }
Generates:
.systemprompt/profiles/<env>/
├── profile.yml # Runtime configuration
├── secrets.json # API keys + DATABASE_URL
└── docker-compose.yml # Local services (local only)
Step 4: Database Setup
Start the database and run migrations.
just db-up
{ "command": "infra db migrate" }
Step 5: Verify
{ "command": "cloud status" }
{ "command": "cloud auth whoami" }
The .systemprompt Directory
Structure
project-root/
└── .systemprompt/ # Project-level (gitignored)
├── credentials.json # Auth token + user info
├── tenants.json # Tenant cache
├── Dockerfile # Application image
└── profiles/ # Environment-specific configs
├── local/
│ ├── profile.yml
│ ├── secrets.json
│ └── docker-compose.yml
└── production/
├── profile.yml
└── secrets.json
File Specifications
credentials.json
{
"api_token": "sp_live_abc123...",
"api_url": "https://api.systemprompt.io",
"user_email": "developer@example.com"
}
tenants.json
{
"selected": "ten_abc123",
"tenants": [
{
"id": "ten_abc123",
"name": "my-project",
"app_id": "sp-my-project-abc",
"hostname": "my-project.systemprompt.io",
"region": "iad"
}
]
}
secrets.json
{
"ANTHROPIC_API_KEY": "sk-ant-...",
"OPENAI_API_KEY": "sk-...",
"DATABASE_URL": "postgresql://..."
}
Environment Variables
| Variable | Description |
|---|---|
SYSTEMPROMPT_PROFILE |
Path to active profile |
DATABASE_URL |
PostgreSQL connection |
ANTHROPIC_API_KEY |
Claude API key |
OPENAI_API_KEY |
OpenAI API key |
Bootstrap from Scratch
For a completely fresh project:
SQLX_OFFLINE=true cargo build --release --manifest-path core/crates/entry/cli/Cargo.toml
./core/target/release/systemprompt cloud auth login
./core/target/release/systemprompt cloud tenant
./core/target/release/systemprompt cloud profile
./core/target/release/systemprompt infra db migrate
./core/target/release/systemprompt infra services start --all
Server available at http://127.0.0.1:8080.
Setup Flow Checklist
| Phase | Command | Verify |
|---|---|---|
| 1 | just login |
credentials.json created |
| 2 | just tenant |
tenants.json created |
| 3 | just init |
services/ created |
| 4 | just configure |
profiles/ created |
| 5 | just db-up |
Container running |
| 6 | just migrate |
Tables created |
| 7 | just sync |
Data synced |
| 8 | just start |
Server running |
| 9 | just deploy |
Deployed (optional) |
Security Notes
- Never commit secrets --
.systemprompt/is gitignored - Project-specific credentials -- Each project has its own tenant
- Environment isolation -- Each profile has its own secrets
- Token refresh -- Re-run
loginif API calls fail with 401 - File permissions -- Secrets files created with
0o600 - JWT secret length -- Minimum 32 characters enforced
Troubleshooting
"Not logged in" -- just login
"No tenant configured" -- cloud tenant or just tenant
"Profile required" -- export SYSTEMPROMPT_PROFILE=.systemprompt/profiles/local/profile.yml
"Database connection failed" -- just db-up then verify with docker ps | grep postgres
"Cloud token expired" -- just login
Cloud DB connection failed -- verify profile config with cloud profile show <profile-name> and check cloud status.
JWT Secret Too Short -- Generate a longer secret: openssl rand -base64 48
Quick Reference
| Task | Command |
|---|---|
| Login | just login (terminal) |
| Check auth | cloud auth whoami |
| Logout | just logout (terminal) |
| List tenants | cloud tenant list |
| Show tenant | cloud tenant show |
| Create tenant | cloud tenant create --region iad |
| Select tenant | cloud tenant select <id> |
| List profiles | cloud profile list |
| Show profile | cloud profile show <name> |
| Create profile | cloud profile create <name> |
| Edit profile | cloud profile edit <name> |
| Delete profile | cloud profile delete <name> -y |
| List secrets | cloud secrets list |
| Set secret | cloud secrets set KEY value |
| Delete secret | cloud secrets delete KEY -y |
| DB status | cloud db status --profile <name> |
| DB query | cloud db query --profile <name> "SQL" |
| DB tables | cloud db tables --profile <name> |
| Cloud status | cloud status |
| Restart cloud | cloud restart --yes |
| Init project | cloud init |
| Full setup | just login && just tenant && just configure && just db-up && just migrate |