plnk stores automation/AI-oriented CLI credentials separately from plnk-tui's human login hints. Running plnk init configures the CLI only; plnk-tui has its own first-run prompt and config.
Credentials are resolved in this order — first match wins:
| Priority | Method | Server | Token |
|---|---|---|---|
| 1 | CLI flags | --server <url> |
--token <token> |
| 2 | Environment | PLANKA_SERVER |
PLANKA_TOKEN |
| 3 | Config file | ~/.config/plnk/config.toml |
~/.config/plnk/config.toml |
The config file location honors XDG_CONFIG_HOME on every OS and can be overridden with PLANKA_CONFIG=<path>. On Unix, the file is written with 0600 permissions.
Planka uses an X-API-Key header under the hood for plnk API-token calls — not Bearer, not Authorization.
First-time setup:
plnk initWalks through server URL, API token (masked), and optional HTTP tuning. Re-running is safe — existing values are shown as defaults.
Exchanges credentials for a token and stores it in the config:
plnk auth login --server https://planka.example.com
# Prompts for email and passwordplnk auth token set <token> --server https://planka.example.comexport PLANKA_SERVER=https://planka.example.com
export PLANKA_TOKEN=your-api-key
plnk project listplnk auth whoami # show current user
plnk auth status # show credential source + validity
plnk auth logout # delete stored credentialsstatus always exits 0 (informational). whoami exits 3 on auth failure, making it useful for scripts that need to verify credentials before proceeding.
plnk-tui is for an interactive human session and does not implicitly read this CLI config. On first run it prompts for server, username, and password, then can save only the non-secret server + username to ~/.config/plnk-tui/config.toml. It never saves the password.