Last modified June 21, 2026
'muster auth' command reference
muster auth manages authentication to a remote, OAuth-protected aggregator. Use it to log in, check your current identity and token status, and log out. For how OAuth works in Muster, see the security overview.
Usage
muster auth <subcommand> [flags]
Subcommands
| Subcommand | Description |
|---|---|
login | Authenticate to a Muster aggregator using OAuth |
status | Show authentication status |
whoami | Show the current authenticated identity |
logout | Clear stored authentication tokens |
Flags
These flags apply to every auth subcommand:
| Name | Description |
|---|---|
--endpoint | Endpoint URL to authenticate to |
--context | Use a named context. Reads MUSTER_CONTEXT when unset |
--config-path | Configuration directory. Defaults to ~/.config/muster |
--quiet, -q | Suppress non-essential output |
login flags
| Name | Description |
|---|---|
--all | Log in to the aggregator and every pending MCP server behind it |
--server | Name of an aggregator-managed MCP server to authenticate to |
--silent | Attempt silent re-auth using OIDC prompt=none. Needs IdP support, not available with Dex |
logout flags
| Name | Description |
|---|---|
--all | Clear all stored tokens |
--yes, -y | Skip the confirmation prompt for --all |
--server, -s | Name of an MCP server to disconnect |
Examples
Log in to a remote aggregator and to every MCP server that still needs authentication:
muster auth login \
--endpoint https://muster.<management-cluster>.<base-domain>/mcp --all
Authenticate to one downstream MCP server after the aggregator is connected:
muster auth login --server kubernetes
Related
- Access control - How identity maps to cluster permissions.
muster context- Manage the endpoints you authenticate to.
Need help, got feedback?
We listen to your Slack support channel. You can also reach us at support@giantswarm.io. And of course, we welcome your pull requests!