Authentication & config
Set your API token, understand the ~/.rank-cli files, configure CLI settings and register API keys for local tools.
The CLI keeps all of its state in a single directory, ~/.rank-cli/. There are three things you
configure: your API token (how the CLI authenticates to Rank), the CLI settings (URLs,
default mode, verbosity), and the tool API keys that get injected into tools running locally.
rank auth — your API token
The token (rk_...) is how the CLI talks to the Rank API. It is stored in
~/.rank-cli/credentials with 0600 permissions.
rank auth set rk_live_xxxxxxxxxxxxxxxx
rank auth status
rank auth removeauth set <token>validates that the token starts withrk_and saves it. It is verified against the API on the first real operation.auth statusprints the masked token and verifies it against the API, showing the resolved username and email when valid.auth removedeletes the saved token.
Most commands require a token; if none is configured they fail with a hint to run rank auth set.
The ~/.rank-cli/ directory
| Path | Contents | Notes |
|---|---|---|
~/.rank-cli/credentials | Your API token | Permissions 0600. |
~/.rank-cli/settings.json | CLI settings (see below) | Managed via rank config. |
~/.rank-cli/env | API keys for local tools | Permissions 0600. Managed via rank env. |
~/.rank-cli/data/ | Local cache | Managed by the CLI. |
rank config — CLI settings
Persistent settings live in ~/.rank-cli/settings.json. Show them, or set one key at a time.
rank config show
rank config set phpBaseUrl https://api.aleex-rank.ai/api/v2
rank config set defaultMode local
rank config set verbose trueThe valid keys are:
| Key | Values | Default | Purpose |
|---|---|---|---|
phpBaseUrl | URL | https://api.aleex-rank.ai/api/v2 | PHP REST backend (CRUD). |
goBaseUrl | URL | https://aleex.aleex-rank.ai | Go backend (AI/streaming). |
defaultMode | cloud | local | cloud | Default execution mode. |
verbose | true | false | false | Extra output. |
URL keys are validated; an http:// value is accepted but warns that traffic is not encrypted.
The defaultMode value must be cloud or local, and verbose must be true or false.
rank env — API keys for local tools
Local tools (for example a Shodan or WPScan wrapper) may need their own API keys. Register them
with rank env. They are stored in ~/.rank-cli/env with 0600 permissions and are injected
automatically into any local tool that declares the matching key in its requires_api_key field.
rank env set SHODAN_API_KEY=abcdef123
rank env list
rank env unset SHODAN_API_KEYenv set KEY=VALUEstores a key. Names must match^[A-Za-z_][A-Za-z0-9_]*$(letters, numbers and underscores). A set of sensitive process variables (PATH,HOME,LD_PRELOAD, …) is rejected — only tool API keys belong here.env listprints the configured keys with masked values.env unset KEYremoves a key.
If a tool declares a one-shot bootstrap step (for example shodan init {SHODAN_API_KEY}),
setting the corresponding key with rank env set triggers that bootstrap automatically when the
required binary is installed.
These keys matter only for local execution; in cloud mode tools run on the
Rank backend. Use rank doctor to confirm the binaries those tools call are
installed.
Environment variables
A couple of environment variables tweak CLI behaviour at runtime:
| Variable | Effect |
|---|---|
RANK_NO_PAGER=1 | Disable the pager for rank docs output. |
RANK_DEBUG=1 | Emit extra debug logs (notably in local chat and rank doctor). |
Verify your setup
rank auth status # token valid? whoami?
rank config show # which URLs and default mode?
rank env list # which tool API keys are set?With authentication in place, continue to the Command reference or learn about local vs cloud execution.