Documentation Index
Fetch the complete documentation index at: https://docs.heylua.ai/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Lua CLI requires authentication to access the platform and deploy skills. API keys are resolved from environment variables, a local credentials file, or a.env file — no system keychain is required.
Commands
configure
Set up authentication
key
Display stored key
logout
Remove credentials
lua auth configure
Set up API key authentication.Authentication Methods
- Email (Recommended)
- API Key
Email OTP AuthenticationFeatures:
- Choose “Email” when prompted
- Enter your email address
- Check email for 6-digit code
- Enter the OTP code
- API key automatically generated and saved
- No existing account needed
- Automatic key generation
- Most secure method
- No manual key management
Where Credentials Are Stored
Credentials are stored in a plain-text file with owner-only permissions (0600):
lua auth configure. It is never committed to version control and is only readable by your user account — the same security model used by tools like kubectl, gh, and aws configure.
Environment Variable Authentication
For CI/CD, Docker, and headless servers, set theLUA_API_KEY environment variable directly — no credentials file needed:
- Local terminal
- .env file
- Dockerfile
- GitHub Actions
~/.zshrc or ~/.bashrc for persistence.Key Resolution Order
The CLI checks sources in this priority order:| Priority | Source | Best for |
|---|---|---|
| 1 | LUA_API_KEY env var | CI/CD, Docker, headless servers |
| 2 | ~/.lua-cli/credentials | Local development |
| 3 | .env file | Local development fallback |
lua auth key
Display your stored API key.Security Confirmation
For security, you must confirm before displaying the key:--force to skip the confirmation prompt (useful in scripts):
Use Cases
- Copying to another machine: Get key to set up elsewhere
- CI/CD configuration: Copy key for automated deployments
- Verification: Confirm which key is currently configured
lua auth logout
Delete the stored credentials file.Confirmation Required
--force to skip the confirmation:
What Happens
After logout, the key still works if used elsewhere (e.g. as an env var). To fully revoke access, regenerate a new key from the admin dashboard.
Troubleshooting
No API key found
No API key found
Error:
No API key found.Solution: Authenticate using one of:OTP not received
OTP not received
Problem: Didn’t receive OTP emailSolutions:
- Check spam/junk folder
- Wait a few minutes (can take up to 5 min)
- Try again with
lua auth configure - Use API Key method instead
Invalid OTP
Invalid OTP
Error:
❌ Invalid OTP codeSolutions:- Double-check the code from email
- OTP expires after 10 minutes
- Request new OTP by running command again
API key validation failed
API key validation failed
Error:
❌ Authentication failedSolutions:- Verify you copied the complete key
- Check key hasn’t been revoked
- Ensure no extra spaces
- Generate new key via email method
Upgrading from v3.8.x or earlier
Upgrading from v3.8.x or earlier
Previous versions stored credentials in the OS keychain (via Or set the environment variable directly:
keytar). Starting in v3.9.0, credentials are stored in ~/.lua-cli/credentials.One-time migration step:Best Practices
Use Email Authentication for Local Dev
Use Email Authentication for Local Dev
Recommended for individual developers — automatic key management, no manual key to remember.
Use LUA_API_KEY for CI/CD and Docker
Use LUA_API_KEY for CI/CD and Docker
Inject the key as an environment variable or secret. No credentials file needed, no native dependencies.
Keep Keys Private
Keep Keys Private
- Don’t commit
.envto git (add to.gitignore) - Don’t share in chat or email
- Use
lua auth logoutwhen done on shared machines - Rotate keys regularly
Disable Telemetry in CI
Disable Telemetry in CI
LUA_TELEMETRY=false in your CI environment variables.Next Steps
Initialize Project
Create your first skill after authentication
Deploy Commands
Deploy primitives to production