Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

tuna --login

Set up Cloudflare credentials for tunnel management.

Usage

tuna --login

What It Does

  1. Prompts for your Cloudflare API token
  2. Validates the token against Cloudflare API
  3. Fetches your account ID
  4. Prompts for your root domain
  5. Verifies domain access
  6. Stores credentials in ~/.config/tuna/

Interactive Flow

$ tuna --login
 
🔐 Tuna Login
 
Create a token at: https://dash.cloudflare.com/profile/api-tokens
Required permissions:
 Account Cloudflare Tunnel Edit
 Account Access: Apps and Policies Edit
 Zone DNS Edit
 Account Account Settings Read
 
? Enter your Cloudflare API token: ************************************
 Token validated
 Account ID: 699d98642c564d2e855e9661899b7252
 
? Enter your root domain (e.g., example.com): example.com
 Domain verified
 
 Credentials saved to ~/.config/tuna/
 
Next steps:
  1. Add to your package.json:
     {
       "tuna": {
         "forward": "my-app.example.com",
         "port": 3000
       }
     }
  2. Run: tuna npm run dev

Creating an API Token

  1. Go to Cloudflare API Tokens
  2. Click Create Token
  3. Click Create Custom Token
  4. Configure permissions:
SectionResourcePermission
PermissionsAccount - Cloudflare TunnelEdit
PermissionsAccount - Access: Apps and PoliciesEdit
PermissionsZone - DNSEdit
PermissionsAccount - Account SettingsRead
  1. Under Zone Resources, select your domain or "All zones"
  2. Click Continue to summaryCreate Token
  3. Copy the token immediately (it won't be shown again)

Credential Storage

Credentials are stored as JSON files in ~/.config/tuna/credentials/:

  • One file per domain: {domain}.json
  • Files created with 0600 permissions (owner read/write only)
  • Directory created with 0700 permissions

Multiple Domains

Run --login multiple times for different domains:

tuna --login  # Configure example.com
tuna --login  # Configure another-domain.com

Each domain's credentials are stored separately.

Updating Credentials

Run --login again to update credentials for a domain. The old credentials will be replaced.

Troubleshooting

"Invalid API token"

  • Check for typos when pasting
  • Ensure the token hasn't expired
  • Verify the token has all required permissions

"Domain not found"

  • Ensure the domain is added to your Cloudflare account
  • Check that your token has access to that zone
  • Use just the root domain (e.g., example.com, not www.example.com)

"Could not save credentials"

  • Check that ~/.config/tuna/ is writable
  • Verify disk permissions on your home directory

See Also