BahriyaBAHRIYAby Mamluk

Authentication

Reis authenticates using personal access tokens (PATs). You generate a PAT in the Bahriya console and provide it to Reis.

Updated 8 Jun 20262 min read

Reis authenticates using personal access tokens (PATs). You generate a PAT in the Bahriya console and provide it to Reis.

Logging in

reis auth:login

Reis prompts you for:

  1. API URL — defaults to https://api.bahriya.cloud/console/v1. Press Enter to accept the default, or provide a custom URL for self-hosted environments.
  2. Personal access token — paste your PAT (input is hidden). Tokens must start with pat_.

Reis validates the token by making a test API call. If successful, your credentials are saved to ~/.reis/config.yml.

Checking auth status

reis auth:status

Shows whether you are authenticated, your API URL, a masked version of your token, and validates that the credentials are still valid by making an API call.

How credentials are stored

Credentials are stored in ~/.reis/config.yml:

api_url: 'https://api.bahriya.cloud/console/v1'
token: 'pat_abc123...'
default_org: 'org-uuid-here'

The file is created on first login. Only the current user has read/write access.

Setting your organisation

Most Reis commands operate within an organisation context. After logging in, set your default organisation:

# Interactive — prompts with a list of your organisations
reis org:switch
 
# Direct — pass the organisation ID
reis org:switch 550e8400-e29b-41d4-a716-446655440000

This saves the default_org in ~/.reis/config.yml. All subsequent commands (including reis apply -f) use this organisation automatically.

You can override the default on any command with --org:

reis container:list --org 550e8400-e29b-41d4-a716-446655440000
reis apply -f infrastructure.yml --org 550e8400-e29b-41d4-a716-446655440000

To see which organisation is currently active:

reis org:list

Your default organisation is marked in the output.

Using environment variables

For CI/CD pipelines, set the REIS_TOKEN environment variable instead of running reis auth:login:

export REIS_TOKEN=pat_abc123...

When REIS_TOKEN is set, Reis uses it instead of the stored config file token. This keeps your PAT out of shell history and config files on ephemeral CI runners.

You can also set the API URL:

export REIS_API_URL=https://api.bahriya.cloud/console/v1

Exit codes

Reis uses distinct exit codes to help scripts differentiate between errors:

Exit codeMeaning
0Success
1General error (API error, validation failure, etc.)
2Authentication failure (not logged in, expired token, invalid credentials)

Exit code 2 lets CI pipelines detect auth problems separately from application errors:

reis container:list --project my-project --output json
if [ $? -eq 2 ]; then
  echo "Authentication failed - check your REIS_TOKEN"
  exit 1
fi

Logging out

Delete your config file to remove stored credentials:

rm ~/.reis/config.yml

Or delete the entire config directory:

rm -rf ~/.reis