Authentication
Connect the Megaport CLI to your account using API keys, environment variables, or config profiles
Prerequisites
- Megaport account (portal.megaport.com)
- Megaport CLI installed
The Megaport CLI authenticates using API keys from your Megaport account. There are three ways to provide credentials — choose the one that fits your workflow.
Step 1 — Get your API credentials
- Log into the Megaport Portal
- Navigate to My Account → API & Credentials
- Generate an Access Key and Secret Key
You'll also choose an environment: Production (live resources) or Staging (safe for testing). Credentials are environment-specific.
Staging vs Production
Start with Staging (--env staging) while learning the CLI. Resources created in staging are not billed and don't affect your live infrastructure.
Method 1 — Environment variables
The simplest approach for scripts, CI/CD pipelines, and Docker:
export MEGAPORT_ACCESS_KEY=your_access_key
export MEGAPORT_SECRET_KEY=your_secret_key
export MEGAPORT_ENVIRONMENT=production # or: staging, development
# Verify connectivity
megaport-cli locations list
These three variables are all you need. The CLI picks them up automatically on every command.
Method 2 — Config profiles
Named profiles let you switch between accounts and environments without re-entering credentials. Stored in ~/.megaport/config.json with 0600 permissions.
Create a profile
megaport-cli config create-profile production \
--access-key your_access_key \
--secret-key your_secret_key \
--environment production \
--description "Production account"
Create a staging profile too:
megaport-cli config create-profile staging \
--access-key your_staging_key \
--secret-key your_staging_secret \
--environment staging
Switch between profiles
megaport-cli config use-profile staging
# Or use a profile for a single command
megaport-cli locations list --profile production
View and manage profiles
# Show current config (secrets are masked)
megaport-cli config view
# List all profiles
megaport-cli config list-profiles
# Update credentials
megaport-cli config update-profile production \
--access-key new_key \
--secret-key new_secret
# Delete a profile (cannot delete the active profile)
megaport-cli config delete-profile old-profile
Set output defaults
Save preferences so you don't have to type them every time:
# Default to JSON output globally
megaport-cli config set-default output json
# Verify
megaport-cli config get-default output
# json
# Remove the default (revert to table)
megaport-cli config remove-default output
Method 3 — Inline environment variables
For one-off commands where you don't want to set up a profile or export variables:
MEGAPORT_ACCESS_KEY=your_key MEGAPORT_SECRET_KEY=your_secret MEGAPORT_ENVIRONMENT=production megaport-cli locations list
Credential precedence
When multiple methods are configured, the CLI follows this priority order (highest first):
| Priority | Method | How |
|---|---|---|
| 1 | Environment variables | MEGAPORT_ACCESS_KEY, MEGAPORT_SECRET_KEY, MEGAPORT_ENVIRONMENT |
| 2 | Active config profile | Set via megaport-cli config use-profile |
| 3 | Config defaults | Set via megaport-cli config set-default |
Browser / WASM authentication
The WebAssembly build uses session-based authentication via the web UI — config commands are not available in the browser.
When using the Live Demo, enter your credentials in the web terminal's auth form. Credentials are stored in memory only — they are never written to disk and are cleared when you close the tab.
Import and export config
Share a sanitised config (credentials redacted) across machines:
# Export — credentials are REDACTED for safety
megaport-cli config export --file megaport-config.json
# On another machine: fill in [REDACTED] values, then import
megaport-cli config import --file megaport-config.json
Security best practices
Keep credentials safe
- Never commit credentials to Git. Add
.envfiles to.gitignore. - Use environment variables in CI/CD pipelines (GitHub Secrets, GitLab CI Variables, etc.)
- Use config profiles for local development — secrets stored at
0600permissions. - Rotate keys regularly in the Megaport Portal.
- Prefer Staging for experiments — same API surface, no billing impact.
Once authenticated, move on to First Commands to start exploring your infrastructure.