Skip to content

Configuration

The Escape CLI requires minimal configuration to get started. This guide covers authentication setup and optional configuration options.

Authentication

Obtaining Your API Key

  1. Navigate to your Escape user profile
  2. Locate the API Key section
  3. Copy your API key (it will look like: esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx)

API Key Security

Treat your API key as a sensitive credential. Never commit it to version control or share it publicly. Anyone with access to your API key can perform actions on your behalf in the Escape platform.

Setting the API Key

The Escape CLI authenticates using the ESCAPE_API_KEY environment variable.

Interactive Shell Sessions

Bash/Zsh (Linux/macOS):

export ESCAPE_API_KEY="esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx"

To make this persistent across sessions, add the export statement to your shell configuration file:

# Add to ~/.bashrc, ~/.zshrc, or ~/.profile
echo 'export ESCAPE_API_KEY="esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx"' >> ~/.bashrc
source ~/.bashrc

PowerShell (Windows):

$env:ESCAPE_API_KEY = "esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx"

For persistent configuration:

[System.Environment]::SetEnvironmentVariable('ESCAPE_API_KEY', 'esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'User')

Command Prompt (Windows):

set ESCAPE_API_KEY=esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx

CI/CD Pipelines

Configure the API key as a secret environment variable in your CI/CD platform:

GitHub Actions:

env:
  ESCAPE_API_KEY: ${{ secrets.ESCAPE_API_KEY }}

GitLab CI:

variables:
  ESCAPE_API_KEY: $ESCAPE_API_KEY

Jenkins:

environment {
    ESCAPE_API_KEY = credentials('escape-api-key')
}

See CI/CD Integration for complete examples.

Docker Containers

Pass the API key as an environment variable:

docker run -e ESCAPE_API_KEY="${ESCAPE_API_KEY}" -it --rm escapetech/cli:latest version

Or use an environment file:

# .env file
ESCAPE_API_KEY=esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx

docker run --env-file .env -it --rm escapetech/cli:latest version

Verify Authentication

Test your authentication by listing available locations:

escape-cli locations list

If authentication is successful, you'll see your configured locations. If it fails, verify:

  1. The API key is correctly set in your environment
  2. The API key is valid and not expired
  3. Your network allows connections to the Escape API

Optional Configuration

Kubernetes Integration

The CLI automatically detects and integrates with Kubernetes environments. To disable this behavior:

export ESCAPE_K8S_INTEGRATION=false

When to disable:

  • Running in a containerized environment that's not Kubernetes
  • Experiencing conflicts with Kubernetes tooling
  • Reducing CLI startup time in non-Kubernetes environments

Default behavior:

  • ESCAPE_K8S_INTEGRATION=true - Enables Kubernetes integration (default)
  • ESCAPE_K8S_INTEGRATION=false - Disables Kubernetes integration

Output Formatting

Control the default output format for all commands:

export ESCAPE_OUTPUT_FORMAT=json

Supported formats:

  • table - Human-readable table format (default)
  • json - JSON format for scripting and parsing
  • yaml - YAML format for configuration management

You can override this per command using the --output or -o flag:

escape-cli locations list --output json

Logging and Debug Mode

Enable verbose logging for troubleshooting:

export ESCAPE_LOG_LEVEL=debug

Log levels:

  • error - Only error messages
  • warn - Warnings and errors
  • info - Informational messages (default)
  • debug - Detailed debug information

Configuration Best Practices

Development Environments

Create a .env file in your project directory (ensure it's in .gitignore):

# .env
ESCAPE_API_KEY=esc_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
ESCAPE_OUTPUT_FORMAT=json
ESCAPE_LOG_LEVEL=info

Load it before running commands:

# Load environment variables
source .env

# Run CLI commands
escape-cli scans list

Production Environments

  1. Use Secret Management: Store API keys in a secure secret management system (AWS Secrets Manager, HashiCorp Vault, etc.)
  2. Rotate Keys Regularly: Generate new API keys periodically and update your configuration
  3. Least Privilege: Use API keys with the minimum required permissions for each use case
  4. Audit Access: Monitor API key usage through the Escape platform

Team Environments

  1. Individual API Keys: Each team member should use their own API key for traceability
  2. Service Accounts: Create dedicated API keys for automated systems and CI/CD pipelines
  3. Documentation: Document which API keys are used in which environments

Configuration Files

The Escape CLI currently uses environment variables for configuration. Configuration file support may be added in future versions.

Proxy Configuration

If your environment requires an HTTP proxy, configure it using standard environment variables:

export HTTP_PROXY=http://proxy.example.com:8080
export HTTPS_PROXY=http://proxy.example.com:8080
export NO_PROXY=localhost,127.0.0.1

The CLI will automatically use these proxy settings for all API requests.

Troubleshooting

Authentication Failures

Error: "Invalid API key"

  • Verify the API key is correctly copied from your profile
  • Check for extra spaces or newlines in the environment variable
  • Ensure the API key hasn't been revoked

Error: "API key not found"

  • Confirm the ESCAPE_API_KEY environment variable is set
  • Check the variable is available in the current shell session: echo $ESCAPE_API_KEY

Connection Issues

Error: "Connection timeout"

  • Verify network connectivity to api.escape.tech
  • Check firewall rules allow outbound HTTPS connections
  • Confirm proxy settings if applicable

Error: "SSL certificate verification failed"

  • Ensure system certificates are up to date
  • Check for corporate SSL inspection that may interfere with API calls

Permission Errors

Error: "Insufficient permissions"

  • Verify your API key has the required permissions
  • Contact your Escape organization administrator to adjust permissions

Next Steps

With authentication configured, proceed to Getting Started to learn essential CLI commands and workflows.