Skip to content
q15

Auth (q15-auth)

q15-auth is the interactive bootstrap tool for generating and inspecting auth.json. It is an operator tool — it runs on your machine, not inside the runtime containers.

Commands

Section titled “Commands”
Terminal window
# Start the OAuth login flow
q15-auth login --auth-path ./auth.json


# Check current auth status
q15-auth status --auth-path ./auth.json


# Log out and revoke credentials
q15-auth logout --auth-path ./auth.json

Where the output goes

Section titled “Where the output goes”

auth.json is consumed by q15-agent at runtime at /etc/q15/auth/auth.json.

For Docker Compose

Section titled “For Docker Compose”

Put the resulting auth.json in the directory mounted at /etc/q15/auth. Do not single-file bind-mount auth.jsonq15-auth and the agent write credentials atomically by replacing the file, so the directory must be writable.

For Kubernetes

Section titled “For Kubernetes”

Store auth.json as the auth.json key in the agent auth Secret.

What it provides

Section titled “What it provides”

q15-auth handles the OpenAI OAuth flow for openai-codex providers. The resulting auth.json contains credentials that the agent uses at runtime. When OpenAI OAuth refreshes rotate credentials, the agent updates auth.json in place.

Providers that use key_env (like openai-compatible or ollama cloud) do not need auth.json — their secrets come from environment variables.