---
title: Configuration
description: The scripto config file, named profiles, environment variables, and the API-key and base-URL resolution chains.
---

The CLI stores credentials in a config file and resolves which key and backend to use through a clear chain you can override per command.

## Config file

```text
~/.config/scripto/config.json   (mode 0600)
```

It holds one or more **profiles**, each with an `apiKey`, the `email`/`userId` it belongs to, an optional non-production `baseUrl`, and timestamps. One profile is **active** at a time.

## Profiles

```bash
scripto use                # list profiles (● marks the active one)
scripto use <name>         # switch the active profile
scripto logout [name]      # remove a profile (default: active)
scripto config show        # show the resolved config
scripto config set --api-key scripto_...   # store a key as a profile
scripto config clear       # clear stored config
```

A new profile is created automatically when you complete the OTP flow; its name is derived from your email unless you pass `--profile-name`.

## Environment variables

| Variable | Effect |
|---|---|
| `SCRIPTO_API_KEY` | API key to use (overrides the stored profile key). |
| `SCRIPTO_API_BASE_URL` | Backend base URL (e.g. a local dev server). |

## Resolution chains

The CLI resolves two things on every authenticated command:

<Steps>

<Step title="API key">

`--api-key` → `SCRIPTO_API_KEY` → the named profile (`--profile`) → the active profile.

</Step>

<Step title="Base URL">

`--api-url` → `SCRIPTO_API_BASE_URL` → the profile's `baseUrl` → production (`https://scripto.codika.io`).

</Step>

</Steps>

## Per-command overrides

Every authenticated command accepts:

| Flag | Purpose |
|---|---|
| `--json` | Emit the `{ success, data \| error }` envelope. |
| `--api-key <key>` | Override the stored key. |
| `--api-url <url>` | Point at a different backend. |
| `--profile <name>` | Use a specific stored profile. |

<Note>

Pointing the CLI at a local backend is just `--api-url http://localhost:5173` (or `SCRIPTO_API_BASE_URL`). When you complete an OTP login with `--api-url`, that base URL is persisted on the profile so later commands resolve the same backend without repeating the flag.

</Note>

## Next

- **[Auth](/cli/auth)** — the OTP flow that creates a profile.
- **[API keys](/concepts/api-keys)** — the key policy behind the stored credentials.
- **[Command reference](/cli/commands)** — the full surface.