Authentication
The Watasu CLI supports two ways to log in: a browser flow for humans and API keys for automation. Once authenticated, the same credentials work for both API calls and Git pushes to git.watasu.io.
Browser login
Section titled “Browser login”watasu loginOpens a browser, you authenticate, and credentials are stored locally. Use this on workstations.
API key login
Section titled “API key login”For CI, scripts, or any non-interactive environment:
watasu login --api-key "$WATASU_API_KEY"Generate API keys in the dashboard. Keep them in your CI provider’s secret store, not in your repo.
Who am I logged in as?
Section titled “Who am I logged in as?”watasu whoamiLog out
Section titled “Log out”watasu logoutRemoves locally stored credentials.
How the CLI chooses an app
Section titled “How the CLI chooses an app”Most commands target a single app. The CLI resolves which one in this order:
--app <name>if you passed it explicitly--remote <name>if you specified a Git remote name- the default
watasuGit remote in the current directory
That’s why running watasu config:set FOO=bar works without --app when you’re inside your app’s repo — the remote tells the CLI which app to target.
- on workstations, use browser login. It rotates cleanly with your account.
- in CI, use API keys. Treat them like any other deploy credential.
- when scripting, always pass
--appexplicitly. Implicit remote-based resolution is convenient interactively but a footgun in CI.