Skip to main content

Login/Logout

Description

Authenticate to Portworx Backup and manage session tokens stored in ~/.pxb/config. Use login to obtain and persist an authentication token (via browser or username/password). Use logout to clear tokens from the config (and optionally from environment variables and the legacy token file).

Usage

Login

px pxb login [--server <auth-url>] [--username <name>] [--password <pass>]

Logout

px pxb logout [--clear-env]

Examples

Login

# Login with username and password (auth URL from config)
px pxb login --username admin --password mypassword

# Login with explicit auth server
px pxb login --server https://keycloak.example.com:31342 \
  --username admin --password mypassword

# Login using browser-based flow (no username/password flags)
px pxb login

# Login with username and password
px pxb login --username admin --password mypassword

Logout

# Logout and clear stored token
px pxb logout

# Logout and also clear environment variables
px pxb logout --clear-env

Flags for commands and sub-commands

Login Flags

FlagShortTypeDescription
--server-sstringAuth server endpoint (e.g., https://host:port). If omitted, uses pxcentral_auth_url from config
--username-ustringUsername for direct (non-browser) login
--password-pstringPassword for direct (non-browser) login

Logout Flags

FlagShortTypeDescription
--clear-envboolAlso clear environment variables (OIDC_AUTH_TOKEN, PXB_GRPC_ENDPOINT)

Notes

  • Login
    • Reads defaults from ~/.pxb/config (auth URL, client ID). If the config is missing, uses sensible defaults; --server is required when no auth URL is configured.
    • Username/password provided: uses password grant and saves the access token to config with the expiry provided by the server.
    • Without username/password: launches a browser-based OAuth2 flow (redirect server on port 8000), then saves the token and expiry to config.
    • Token and expiry are stored in ~/.pxb/config; a success message includes remaining time until expiry.
  • Logout
    • Clears the authentication token from ~/.pxb/config.
    • Removes the legacy token file if present (located at ~/.pwx/px_backup_token).
    • If --clear-env is set, unsets OIDC_AUTH_TOKEN and PXB_GRPC_ENDPOINT environment variables.

Output Format Support

  • Not applicable: these commands print human-readable messages; --output is not supported for login/logout.

Authentication and Context

  • After a successful login, the token and expiry are persisted to ~/.pxb/config and are used by other px pxb commands.
  • After logout, authentication-dependent commands will require a new login to proceed.
  • For configuring endpoints and defaults used by login (e.g., pxcentral_auth_url), see the Config guide: config.md