Skip to main content

Overview

The Ubicloud CLI uses personal access tokens for authentication. All API requests require a valid token set in the UBI_TOKEN environment variable.

Creating a Personal Access Token

  1. Log in to the Ubicloud Console
  2. Navigate to SettingsAccess Tokens
  3. Click Create Token
  4. Give your token a descriptive name (e.g., “CLI Access”)
  5. Copy the token immediately - it won’t be shown again
Store your token securely. Anyone with access to your token can manage your Ubicloud resources.

Setting the Token

Temporary (Current Session)

Set the token for your current terminal session: 
export UBI_TOKEN="your-token-here"

Permanent Configuration

Add the token to your shell profile for persistent authentication: 
echo 'export UBI_TOKEN="your-token-here"' >> ~/.bashrc
source ~/.bashrc
Replace your-token-here with your actual token.

Verify Authentication

Test that authentication is working: 
ubi vm list
If authentication is successful, you’ll see your virtual machines (or an empty list). If the token is missing or invalid, you’ll see: 
! Personal access token must be provided in UBI_TOKEN env variable for use

Token Management Best Practices

Security Recommendations

Create different tokens for:
  • Development/testing environments
  • Production deployments
  • CI/CD pipelines
  • Different team members
This allows you to revoke specific tokens without affecting others.
Periodically create new tokens and revoke old ones:
  1. Create a new token
  2. Update your configuration
  3. Verify the new token works
  4. Revoke the old token
Add token files to .gitignore:
.gitignore
.env
.env.local
**/secrets/*
For complex environments, consider using:
  • direnv for per-directory environments
  • Secret management tools like HashiCorp Vault
  • CI/CD secret storage (GitHub Secrets, GitLab CI/CD Variables)

Environment Variables

The CLI supports these environment variables:
UBI_TOKEN
string
required
Your personal access token for authentication.
export UBI_TOKEN="ubic_xxxxxxxxxxxxx"
UBI_URL
string
default:"https://api.ubicloud.com/cli"
API endpoint URL. Override for custom or development environments.
# Use a different API endpoint
export UBI_URL="https://api.eu.ubicloud.com/cli"
UBI_DEBUG
string
default:""
Enable debug output. Set to 1 to see detailed request/response information.
export UBI_DEBUG=1
ubi vm list
Debug output includes:
  • Command arguments sent to API
  • Executed commands with full arguments
  • Validation steps

Tool-Specific Overrides

The CLI allows you to override the paths to external tools:
UBI_SSH
string
default:"ssh"
Path to SSH executable.
export UBI_SSH="/usr/local/bin/ssh"
UBI_SCP
string
default:"scp"
Path to SCP executable.
export UBI_SCP="/usr/local/bin/scp"
UBI_SFTP
string
default:"sftp"
Path to SFTP executable.
export UBI_SFTP="/usr/local/bin/sftp"
UBI_PSQL
string
default:"psql"
Path to psql executable.
export UBI_PSQL="/usr/local/pgsql/bin/psql"
UBI_PG_DUMP
string
default:"pg_dump"
Path to pg_dump executable.
export UBI_PG_DUMP="/usr/local/pgsql/bin/pg_dump"
UBI_PG_DUMPALL
string
default:"pg_dumpall"
Path to pg_dumpall executable.
export UBI_PG_DUMPALL="/usr/local/pgsql/bin/pg_dumpall"

Using Multiple Accounts

To work with multiple Ubicloud accounts, use shell functions or aliases:
~/.bashrc
# Personal account
alias ubi-personal='UBI_TOKEN="personal-token" ubi'

# Work account
alias ubi-work='UBI_TOKEN="work-token" ubi'
Usage: 
ubi-personal vm list
ubi-work pg list
Alternatively, use a shell function for more flexibility:
~/.bashrc
function ubi-with() {
  local env=$1
  shift
  UBI_TOKEN=$(cat ~/.ubi-tokens/$env) ubi "$@"
}
Usage: 
ubi-with production vm list
ubi-with staging pg create ...

CI/CD Integration

For automated deployments, store the token as a secret:
.github/workflows/deploy.yml
name: Deploy
on: [push]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install CLI
        run: |
          curl -LO https://github.com/ubicloud/cli/releases/latest/download/ubi-linux-amd64
          chmod +x ubi-linux-amd64
          sudo mv ubi-linux-amd64 /usr/local/bin/ubi
      - name: Deploy
        env:
          UBI_TOKEN: ${{ secrets.UBI_TOKEN }}
        run: |
          ubi vm create ...

Troubleshooting

Token Not Found

If you see “Personal access token must be provided”:
  1. Verify the variable is set: 
    echo $UBI_TOKEN
  2. Ensure there are no typos in the variable name
  3. Check that your shell profile is loaded: 
    source ~/.bashrc  # or ~/.zshrc

Invalid Token

If you get authentication errors:
  1. Verify the token hasn’t been revoked in the console
  2. Check for extra whitespace or quotes: 
    # Wrong - includes quotes
export UBI_TOKEN='"token"'

# Correct
export UBI_TOKEN="token"
  3. Generate a new token if needed

Token Exposed

If your token is accidentally exposed:
  1. Immediately revoke it in the Ubicloud Console
  2. Create a new token
  3. Update all configurations using the old token
  4. Review access logs for suspicious activity

Next Steps

CLI Overview

Learn about available commands

Virtual Machines

Create and manage VMs

Build docs developers (and LLMs) love

Get started for freeTalk to us