Authentication
Authentication is required for premium features like CSPM, DAST, Runtime Protection, and the web dashboard.
Login
Use the login command to authenticate with your CodePhreak account:
# Login with email/password
$ codephreak login
Email: you@example.com
Password: ********
✅ Successfully logged in as you@example.com
# Or login with API key
$ codephreak login --api-key YOUR_API_KEY
✅ Successfully authenticated
# Check current user
$ codephreak whoami
Email: you@example.com
Tier: professional
API Key: <hidden>API Keys
API keys are useful for CI/CD pipelines and automation:
# Generate a new API key
$ codephreak config --generate-key
✅ API Key generated: <your-new-api-key>
# Use in CI/CD (environment variable)
export CODEPHREAK_API_KEY=<your-api-key>
codephreak cspm --provider awsSecurity Note: Never commit API keys to version control. Use environment variables or secrets management in CI/CD.
Logout
# Logout and clear credentials
$ codephreak logout
✅ Successfully logged outCredentials Storage
Credentials are stored locally in ~/.codephreak/credentials.json:
{
"api_key": "<your-api-key>",
"email": "you@example.com",
"tier": "professional"
}Premium Features Access
Once authenticated, you can access premium features:
CSPM
Cloud security scanning for AWS, Azure, GCP
DAST
Dynamic web application security testing
Runtime Protection
Real-time threat detection and monitoring
Dashboard
Web dashboard with visualizations
CI/CD Integration
Example GitHub Actions workflow with authentication:
name: Security Scan
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install CodePhreak
run: pip install codephreak
- name: Run Security Scan
env:
CODEPHREAK_API_KEY: ${{ secrets.CODEPHREAK_API_KEY }}
run: |
codephreak scan . --output results.sarif --format sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif