Updated May 10, 2026

The raff api-key command group manages API keys for the account. Each key has a name, a rate-limit tier, an optional expiration, and an active flag. The plaintext secret is returned once, at create or regenerate; it cannot be retrieved later. Every subcommand supports --output json for scripting.

Aliases: raff api-keys, raff key, raff keys.

Subcommand index

Subcommand    What it does
list          List API keys
get           Show details for one key (no secret)
create        Create a new API key (returns the secret once)
update        Update a key’s metadata
regenerate    Rotate the secret (returns the new secret once)
revoke        Permanently revoke a key

list

raff api-key list [--output table|json]
List API keys for the account. Output columns: ID, NAME, PREFIX, ACTIVE, EXPIRES. Secrets are never returned by list.

get

raff api-key get <key-id>
Show key metadata — ID, name, prefix, active flag, expiration. The secret is never returned by get.

create

raff api-key create \
  --name <name> \
  [--rate-limit-tier standard|high] \
  [--expires-at <RFC3339>]
Create a new API key. Required: --name. The plaintext secret is printed once; copy it immediately. The default rate-limit tier is standard; high requires support approval.

Example:
raff api-key create --name "ci-deploy" \
  --rate-limit-tier standard \
  --expires-at 2026-12-31T23:59:59Z

update

raff api-key update <key-id> \
  [--name <new-name>] \
  [--rate-limit-tier standard|high] \
  [--active true|false] \
  [--expires-at <RFC3339>]
Update one or more metadata fields. At least one flag must be provided. Use --active false to suspend a key without revoking — re-enable later by setting --active true.

regenerate

raff api-key regenerate <key-id>
Rotate the secret. The new secret is printed once; the old secret stops working immediately.

revoke

raff api-key revoke <key-id> [--force]
Permanently revoke the key. Any client using it will fail immediately. Pass --force to skip the confirmation prompt.
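
The following added example (not from the Raff documentation) audits the output of raff api-key list --output json for active keys that have no expiration, have passed their expiration, or expire within 14 days. The JSON field names and the sample records are assumptions constructed for illustration; the page documents only the table columns.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of `raff api-key list --output json`. The field names
# (id, name, prefix, active, expires_at) are assumed, not documented on the page.
SAMPLE = """[
 {"id": "key_001", "name": "ci-deploy", "prefix": "rk_a1", "active": true, "expires_at": "2026-12-31T23:59:59Z"},
 {"id": "key_002", "name": "legacy-script", "prefix": "rk_b2", "active": true, "expires_at": null},
 {"id": "key_003", "name": "old-laptop", "prefix": "rk_c3", "active": true, "expires_at": "2026-04-01T00:00:00Z"},
 {"id": "key_004", "name": "backup-job", "prefix": "rk_d4", "active": true, "expires_at": "2026-05-20T00:00:00+00:00"},
 {"id": "key_005", "name": "suspended", "prefix": "rk_e5", "active": false, "expires_at": null}
]"""


def parse_rfc3339(value):
    """Parse an RFC 3339 timestamp; a trailing 'Z' is rewritten for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_keys(keys, now, warn_days=14):
    """Return (key id, finding) pairs for active keys that need attention."""
    findings = []
    for key in keys:
        if not key.get("active"):
            continue  # already suspended with --active false; skipped here
        expires = key.get("expires_at")
        if not expires:
            # Active key with no expiration: candidate for update --expires-at
            findings.append((key["id"], "no-expiration"))
            continue
        expires_at = parse_rfc3339(expires)
        if expires_at <= now:
            # Expiration has passed but the active flag is still true
            findings.append((key["id"], "expired-but-active"))
        elif expires_at - now <= timedelta(days=warn_days):
            # Close to expiry: plan a regenerate before clients break
            findings.append((key["id"], "rotation-due"))
    return findings


if __name__ == "__main__":
    now = datetime(2026, 5, 11, tzinfo=timezone.utc)  # fixed clock for the sample
    for key_id, finding in audit_keys(json.loads(SAMPLE), now):
        print(f"{key_id}\t{finding}")
```

To run it against a real account, replace SAMPLE with the captured output of raff api-key list --output json and adjust the field names to match.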

raff_api_key (Terraform)

Declarative API key management.

Role commands

Roles control what a key can do.

Configure CLI auth

Where to put the secret after creating it.
Last modified on May 11, 2026