CLI Configuration

Configure the Doclayer CLI with profiles, environment variables, and authentication options.

Configuration

Learn how to configure the Doclayer CLI with profiles, environment variables, and authentication settings.

Configuration Directory

The CLI stores configuration in ~/.doclayer/:

~/.doclayer/
├── config.json      # Main configuration file
├── credentials      # Encrypted credentials (tokens, API keys)
└── profiles/        # Optional per-profile settings

Configuration File

The main configuration file config.json stores profiles and default settings:

{
  "default_profile": "production",
  "profiles": {
    "local": {
      "name": "local",
      "base_url": "http://localhost:8000",
      "tenant_id": null,
      "default_project": null,
      "output_format": "table"
    },
    "development": {
      "name": "development",
      "base_url": "https://dev-api.doclayer.ai",
      "tenant_id": "tenant_dev_123",
      "default_project": "proj_test",
      "output_format": "json"
    },
    "production": {
      "name": "production",
      "base_url": "https://api.doclayer.ai",
      "tenant_id": "tenant_prod_456",
      "default_project": "proj_main",
      "output_format": "table"
    }
  }
}

Working with Profiles

Profiles let you switch between different environments (local, dev, staging, production) easily:

# List all profiles
doclayer config profile list

# Create a new profile
doclayer config profile create staging

# Switch active profile
doclayer config profile use staging

# Edit profile settings
doclayer config profile edit staging

# Delete a profile
doclayer config profile delete staging

# Show current configuration
doclayer config show

# Import profiles from YAML file
doclayer config import-profiles --from-file profiles.yaml --force

# Set default profile
doclayer config import-profiles --from-file profiles.yaml --set-default local

Profile Import Format

# profiles.yaml
local:
  base_url: http://localhost:8000
  tenant_id: null
  default_project: null

development:
  base_url: https://dev-api.doclayer.ai
  tenant_id: tenant_dev_123
  default_project: proj_test

production:
  base_url: https://api.doclayer.ai
  tenant_id: tenant_prod_456
  default_project: proj_main

Using Profiles Per Command

# Use specific profile for a command
doclayer --profile production agent list

# Short form
doclayer -p staging ingest file doc.pdf --project proj_123

Environment Variables

Environment variables override configuration file settings:

VariableDescriptionExample
DOCLAYER_API_KEYAPI key for authenticationdly_abc123...
DOCLAYER_TOKENJWT token (from auth login)eyJhbG...
DOCLAYER_BASE_URLAPI endpoint URLhttps://api.doclayer.ai
DOCLAYER_TENANTTenant ID for multi-tenanttenant_123
DOCLAYER_PROFILEActive profile nameproduction
DOCLAYER_PG_DSNPostgreSQL DSN for pgvector verificationpostgresql://user:pass@host:5432/db
DOCLAYER_VERBOSEEnable verbose outputtrue
DOCLAYER_DEBUGEnable debug loggingtrue

Example Shell Configuration

# Add to ~/.bashrc or ~/.zshrc

# Authentication
export DOCLAYER_API_KEY="dly_your_api_key_here"
export DOCLAYER_TENANT="00000000-0000-0000-0000-000000000000"

# Default profile
export DOCLAYER_PROFILE="production"

# For pgvector verification (optional)
export DOCLAYER_PG_DSN="postgresql://user:password@postgres.doclayer-infra.svc.cluster.local:5432/doclayer"

Authentication Methods

The CLI supports multiple authentication methods:

1. Interactive Login

Opens a browser for OAuth authentication. Best for development.

doclayer auth login

2. API Key Authentication

Use an API key for scripts and CI/CD. Create keys in the web dashboard.

# Set via environment variable (recommended)
export DOCLAYER_API_KEY="dly_your_api_key"

# Or login with API key
doclayer auth login --api-key

# Verify authentication
doclayer auth status

3. JWT Token

Use a JWT token directly (advanced use case).

export DOCLAYER_TOKEN="eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."

Managing API Keys

# List your API keys
doclayer auth api-key list

# Create a new API key
doclayer auth api-key create --name "CI/CD Pipeline"

# Revoke an API key
doclayer auth api-key revoke <key_id>

Security Best Practices

🔒 Never Commit Credentials

Never commit API keys or tokens to version control. Use environment variables or secret management.

🔑 Use Scoped API Keys

Create separate API keys for different purposes (dev, CI/CD, production) and rotate them regularly.

📁 Protect Config Directory

Ensure ~/.doclayer/ has restricted permissions: chmod 700 ~/.doclayer

🚪 Logout When Done

Run doclayer auth logout on shared machines to clear stored credentials.

Troubleshooting

401 Not Authenticated

Run doclayer auth login or check that DOCLAYER_API_KEY is set correctly.

Missing Default Project

Set a default project with doclayer project set-default proj_123 or pass --project flag to commands.

Connection Timeout

Check DOCLAYER_BASE_URL is correct. Use --verbose to see the actual URL being called.

Batch ProcessingCLI Overview