Skip to main content
Every request to the Vast.ai API requires an API key. The CLI stores your key locally and includes it automatically in every command. This page covers how to set up, verify, and manage API keys through the CLI.

Set Your API Key

After creating a key from the Keys page, store it locally:
This writes the key to ~/.config/vastai/vast_api_key (or $XDG_CONFIG_HOME/vastai/vast_api_key if that env var is set). All subsequent commands use it automatically.

Environment Variable (CI/CD)

Instead of storing the key in a file, you can set it as an environment variable:
This is recommended for CI pipelines, Docker containers, and scripts, it avoids writing keys to disk and makes it easy to inject secrets via your platform’s secret manager. The environment variable takes precedence over the file if both are set.
If you previously used an older version of the CLI, your key may be at the legacy location ~/.vast_api_key. The CLI migrates it automatically to ~/.config/vastai/vast_api_key on next run, so no manual action is needed.

Verify Your Key

Confirm your key works by fetching your account info:
A successful response includes your user ID, email, and balance:
If you get an authentication error, double-check your API key. The most common causes are a typo, an expired key, or a scoped key that lacks the required permission for the command you’re running.

Create an API Key

You can create new keys from the CLI:
The output includes the new key value. Copy it immediately — you will not be able to retrieve it again. To create a key with restricted permissions, pass a JSON permissions file:
See the Permissions page for the full permissions file format and examples.

View and Delete Keys

List all API keys on your account:
View a specific key’s details by ID:
Delete a key:

Key Expiration

API keys do not expire by default. You can revoke a key at any time from the Keys page or with vastai delete api-key.
Treat your API key like a password. Do not commit keys to version control or share them in plaintext. If a key is compromised, revoke it immediately and create a new one.