Skip to main content

Authentication

Authenticate with Wafer to access cloud features, workspaces, and the AI agent proxy. Authentication uses OAuth with GitHub or other providers.

Quick Start

# Login with default provider (GitHub)
wafer login

# Check authentication status
wafer whoami

# Logout
wafer logout

Commands

wafer login

Authenticate with Wafer services: 
wafer login
This opens your browser for GitHub OAuth authentication. After approval, your credentials are stored locally in ~/.wafer/credentials.json.

wafer logout

Sign out and clear stored credentials: 
wafer logout

wafer whoami

Display comprehensive authentication status: 
wafer whoami
Example Output: 
stevenjarellano2@gmail.com
  Environment: prod (https://www.api.wafer.ai)
  Token: valid (expires in 47m)
  Tier: Hacker
  Credits: $19,919.59 remaining
With expired token: 
user@example.com
  Environment: prod (https://www.api.wafer.ai)
  WARNING: Token expired. Run 'wafer login' to re-authenticate.
JSON output: 
wafer whoami --json

{
  "email": "user@example.com",
  "environment": "prod",
  "api_url": "https://www.api.wafer.ai",
  "token_valid": true,
  "token_expires_in": "47m",
  "tier": "Hacker",
  "credits_remaining": "$19919.59"
}
Options:
OptionDescription
--jsonOutput as JSON for scripting
The command shows:
  • Email address
  • Environment (prod/staging/local) and API URL
  • Token validity and expiration time
  • Subscription tier (if logged in)
  • Remaining credits (if logged in)

Provider Management

Manage additional authentication providers for services like cloud GPU providers.

wafer auth providers status

Check authentication status for all providers: 
wafer auth providers status
Output: 
PROVIDER      STATUS
github        authenticated
runpod        not configured
anthropic     configured (via env)

wafer auth providers login

Authenticate with a specific provider: 
wafer auth providers login <provider>
Supported providers:
  • github — GitHub OAuth
  • runpod — RunPod API key
  • digitalocean — DigitalOcean token
Example: 
wafer auth providers login runpod

wafer auth providers logout

Sign out from a specific provider: 
wafer auth providers logout <provider>

API Keys

For the AI agent, you can use your own Anthropic API key instead of Wafer’s proxy: 
# Set via environment variable
export ANTHROPIC_API_KEY=sk-ant-...

# Use with agent
wafer agent --no-proxy "Your question"
For Wafer API access without OAuth: 
# Set API key
export WAFER_API_KEY=your-api-key

# Or configure in settings
wafer config set api_key your-api-key

Credential Storage

Credentials are stored securely in:
PlatformLocation
macOSKeychain
LinuxSecret Service / encrypted file
WindowsCredential Manager
To view stored credentials location: 
wafer config show

Troubleshooting

The CLI will display a URL you can copy and paste into your browser if the automatic browser launch fails.
  • Check internet connectivity
  • Ensure popup blockers aren’t blocking the OAuth window
  • Try logging out and back in: 
    wafer logout && wafer login
Verify the key is set correctly:
echo $WAFER_API_KEY
wafer config show

Next Steps

CLI Configuration

Configure CLI settings.

Workspaces

Access cloud GPU workspaces.

AI Agent

Use the AI assistant.

CLI Overview

Learn CLI basics.