confluent login


Confluent Cloud:

Log in to Confluent Cloud using your email and password, or using single sign-on (SSO) credentials.

Email and password login can be accomplished non-interactively using the CONFLUENT_CLOUD_EMAIL and CONFLUENT_CLOUD_PASSWORD environment variables.

Email and password can also be stored locally for non-interactive re-authentication with the --save flag.

SSO login can be accomplished headlessly using the --no-browser flag, but non-interactive login is not natively supported. Authentication tokens last 8 hours and are automatically refreshed with CLI client usage. If the client is not used for more than 8 hours, you have to log in again.

Log in to a specific Confluent Cloud organization using the --organization-id flag, or by setting the environment variable CONFLUENT_CLOUD_ORGANIZATION_ID.

Confluent Platform:

Log in to Confluent Platform with your username and password, the --url flag to identify the location of your Metadata Service (MDS), and the --ca-cert-path flag to identify your self-signed certificate chain.


In a non-interactive login, CONFLUENT_PLATFORM_MDS_URL replaces the --url flag, and CONFLUENT_PLATFORM_CA_CERT_PATH replaces the --ca-cert-path flag.

Even with the environment variables set, you can force an interactive login using the --prompt flag.

confluent login [flags]


--url string               Metadata Service (MDS) URL, for on-prem deployments.
--ca-cert-path string      Self-signed certificate chain in PEM format, for on-prem deployments.
--no-browser               Do not open a browser window when authenticating via Single Sign-On (SSO).
--organization-id string   The Confluent Cloud organization to log in to. If empty, log in to the default organization.
--prompt                   Bypass non-interactive login and prompt for login credentials.
--save                     Save username/password (non-SSO) credentials to the .netrc file in your $HOME directory. Use the flag to get automatically logged back in when your token expires, after one hour for Confluent Cloud or after six hours for Confluent Platform.

Global Flags

-h, --help            Show help for this command.
    --unsafe-trace    Equivalent to -vvvv, but also log HTTP requests and responses which may contain plaintext secrets.
-v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).


Log in to Confluent Cloud.

confluent login

Log in to a specific organization in Confluent Cloud.

confluent login --organization-id 00000000-0000-0000-0000-000000000000

Log in to Confluent Platform with a MDS URL.

confluent login --url http://localhost:8090

Log in to Confluent Platform with a MDS URL and CA certificate.

confluent login --url http://localhost:8090 --ca-cert-path certs/my-cert.crt

See Also