Skip to main content
IntentraIntentra/Docs

CLI Configuration

Configure the Intentra CLI behavior.

Configuration File

The CLI stores configuration in ~/.intentra/config.yaml.

Generate a sample configuration:

intentra config init > ~/.intentra/config.yaml

View Configuration

intentra config show

Validate Configuration

Verify your configuration is valid for server sync:

intentra config validate

This checks:

  • Server endpoint is set (if server sync enabled)
  • Authentication credentials are valid for the configured auth mode
  • Required fields for your auth mode (api_key)

Authentication Methods

Recommended: intentra login

For most users, authenticate using OAuth device flow:

intentra login

This stores credentials securely in your OS keychain (macOS Keychain, Linux Secret Service, or Windows Credential Manager) and automatically syncs data.

Enterprise: API Key Authentication

For programmatic access, Enterprise organizations can generate API keys in Settings > API Keys:

server:
  enabled: true
  endpoint: "https://api.intentra.sh"
  auth:
    mode: "api_key"
    api_key:
      key_id: "apk_..."
      secret: "intentra_sk_..."

Configuration Options

# Debug mode (logs HTTP requests, saves scans locally)
debug: false

# Server sync (for team deployments)
server:
  enabled: true
  endpoint: "https://api.intentra.sh"
  timeout: 30s
  # Auth mode: api_key
  # Leave empty to use JWT from 'intentra login' (recommended)
  auth:
    mode: ""

# Local settings
local:
  scan_timeout: 30
  min_events_per_scan: 2
  chars_per_token: 4
  archive:
    enabled: false
    path: ~/.intentra/archive
    redacted: true
    include_events: false

# Logging
logging:
  level: warn   # debug, info, warn, error
  format: text  # text, json

Local Storage Paths

Intentra stores data in ~/.intentra/:

PathDescription
~/.intentra/config.yamlConfiguration file
OS keychainAuth credentials (after intentra login)
~/.intentra/scans/Locally saved scans (when debug enabled)
~/.intentra/archive/Archived scans (when archive enabled)

Environment Variables

Override config with environment variables:

export INTENTRA_SERVER_ENDPOINT=https://api.intentra.sh/v1
export INTENTRA_API_KEY_ID=your-key-id
export INTENTRA_API_SECRET=your-secret

Custom Config File

Use a custom config file location:

intentra -c /path/to/config.yaml scans list
Configuration - Intentra Docs