Problem
Users commonly have multiple API keys in ClickHouse Cloud (one per project, one for CI, etc.) and can't tell from the CLI which one is currently being used. Only the key value is visible (in env vars, credentials file, or CLI flag) — not the key's name or UUID that shows up in the Cloud UI.
This surfaced while working on #115: the user couldn't remember which of several API keys was active on the CLI.
Proposed behaviour
`cloud auth status` should show, when API-key auth is active:
- The API key's name (from the UI) and UUID
- Its assigned roles
To get there we need to fetch `openapi_key_get_list` and match the active key value against the keys returned. API responses may not include the key value (they usually only return the prefix or hash) — if so, we'll need to either:
- Extract the key ID from the key string if it's a prefix-encoded format (common pattern for OpenAPI keys), OR
- Ask the server for `GET /openapi-keys/me` if such an endpoint exists, OR
- Keep a side-table in the credentials file mapping key-value → key-id + name when the user runs `cloud auth login --api-key ...`.
Spike the options first; this probably lands as two PRs (detection + display).
Why this matters
Related
Problem
Users commonly have multiple API keys in ClickHouse Cloud (one per project, one for CI, etc.) and can't tell from the CLI which one is currently being used. Only the key value is visible (in env vars, credentials file, or CLI flag) — not the key's name or UUID that shows up in the Cloud UI.
This surfaced while working on #115: the user couldn't remember which of several API keys was active on the CLI.
Proposed behaviour
`cloud auth status` should show, when API-key auth is active:
To get there we need to fetch `openapi_key_get_list` and match the active key value against the keys returned. API responses may not include the key value (they usually only return the prefix or hash) — if so, we'll need to either:
Spike the options first; this probably lands as two PRs (detection + display).
Why this matters
Related