Install
Install
- Mac/Linux/Windows WSL
- npm/yarn/pnpm
- Windows PowerShell
💡 Recommended: one-click installation script
Installation can be completed in just seconds (compared to npm installation which typically takes minutes), delivering a faster and more convenient experience:
curl https://static.cloudbase.net/cli/install/install.sh -fsS | bash
npm
npm i -g @cloudbase/cli
yarn
yarn global add @cloudbase/cli
pnpm
pnpm add -g @cloudbase/cli
Installation Error:
If you encounter issues accessing the official npm source, typically during installation with errors such as "ETIMEOUT" or "npm ERR! network request to https://registry.npmjs.org/@cloudbase%2fcli failed", temporarily specify a domestic npm mirror source:
npm i -g @cloudbase/cli --registry=http://mirrors.cloud.tencent.com/npm/
yarn global add @cloudbase/cli --registry=http://mirrors.cloud.tencent.com/npm/
irm https://static.cloudbase.net/cli/install/install.ps1 | iex
Sign In
After installation, you need to log in before you can start using CloudBase CLI. CloudBase CLI provides multiple login methods; choose an appropriate method based on your usage scenario.
- Cloud Development Console Authorization
- Cloud API Key Authorization
- CI Environment Login
- Temporary Key Login
💡 Recommended: Suitable for individual developers:
tcb login
CloudBase CLI will automatically open the Cloud Development Console to obtain authorization. You need to click the Agree Authorization button to allow CloudBase CLI to acquire permissions. If you are not logged in, you will need to log in before performing this operation.
Suitable for scenarios requiring higher permission control:
tcb login --key
Press Enter, then enter the SecretId and SecretKey of your Cloud API Key as prompted to complete the login.
⚠️ Note: Tencent Cloud API keys can access all resources under your account. Please securely store and regularly rotate your keys. When replacing keys, promptly delete the old ones.
First, you need to go to Cloud Development Platform / Cloud API Key to obtain the key.
Suitable for use in continuous integration (CI) environments to avoid interactive input:
tcb login --apiKeyId xxx --apiKey xxx
Suitable for sensitive scenarios using keys with short-term validity:
tcb login --apiKeyId xxx --apiKey xxx --token xxx
Sub-Account Authorization
Sub-accounts can access Cloud Development resources only after being authorized by the primary account. By default, sub-accounts have no access to Cloud Development resources. Therefore, when logging into the Cloud Development console with a sub-account, users will be unable to access Cloud Development resources.
In this case, you need to add preset policies to the sub-account to access Cloud Development resources. The specific steps are as follows:
- Log in to the CAM console and choose User > User List from the left menu.
- Go to the User List page and click [New User].
- Go to the New User page and fill in the relevant user information according to the prompts.
- After completing the information, go to the policy list and select the TCB preset authorization policy.
- Click [Done] to complete creating the sub-account.
In addition to adding policies during sub-account creation as described above, you can also grant permissions by associating policies with users. For details, refer to the Authorization Management guide.
TCB preset policy
You can use the following preset policies to grant relevant permissions to your sub-account:
| Policy | Description |
|---|---|
QcloudAccessForTCBRole | This policy grants Cloud Development (TCB) access permissions to cloud resources. |
QcloudAccessForTCBRoleInAccessCloudBaseRun | This policy is used for association with the Cloud Development (TCB) service role (TCB_QcsRole), enabling TCB to access other cloud service resources. It includes operation permissions related to Virtual Private Cloud (VPC) and Cloud Virtual Machine (CVM). |
This permission includes full read and write permissions for underlying resources such as Object Storage, Cloud Functions, Logs, Monitoring, and VPC. Once this policy is added to a sub-account, it will mean that the sub-account owns the aforementioned resources and automatically gains full read and write permissions for subsequently added resources. Therefore, please choose carefully. For details, click the permission name to view the permission rules.
The following preset policies grant sub-accounts read-only access to CAM when you use TCB services. After authorizing QcloudCamReadOnlyAccess for a sub-account, the sub-account can log in using CLI tools via web authorization; without authorization, only the sub-account's API keys can be used for login. You can enable this for sub-accounts as needed:
| Policy | Description |
|---|---|
QcloudCamReadOnlyAccess | This policy grants read-only access to Cloud Access Management (CAM). |
AI Development
Use tcb ai to enable AI development.
tcb ai
All Commands
Use tcb -h to list all available commands.
tcb -h
[Optional] Using a Proxy
When using CloudBase CLI, your terminal needs to be able to access the public network. If your terminal cannot directly access the public network, you can configure an HTTP proxy to enable normal CLI usage. The CLI reads the http_proxy or HTTP_PROXY environment variables to automatically set up the network proxy service.
For example, you can run the following command in the terminal to configure the CLI to access the network via the proxy service at http://127.0.0.1:8000:
export HTTP_PROXY=http://127.0.0.1:8000
http://127.0.0.1:8000 is just an example; do not use it directly. The specific proxy configuration depends on your network setup.
The above command only sets a temporary configuration. After you close the terminal, the proxy will automatically become invalid. You will need to reconfigure it the next time you open the terminal. If you require persistent proxy access to the public network, add the command to your terminal's configuration file.