Skip to content

feat: support multiple API keys (profiles) for managing multiple Dokploy organizations #44

Open
Open
feat: support multiple API keys (profiles) for managing multiple Dokploy organizations#44
@lamualfa

Description

@lamualfa
lamualfa
opened on Jun 5, 2026

Problem

The CLI currently stores a single {url, token} credential pair (via dokploy auth, env vars, or .env). There is no way to manage multiple organizations or multiple Dokploy instances without manually swapping credentials each time.

Current workaround: re-run dokploy auth -u <url> -t <token> or swap DOKPLOY_API_KEY / DOKPLOY_URL environment variables every time you need to target a different organization or server.

This is painful for users who:

  • Manage multiple Dokploy instances (e.g., staging vs production, or different clients)
  • Belong to multiple organizations within the same Dokploy instance (where API keys are org-scoped via the metadata.organizationId field in user.createApiKey)
  • Work in CI/CD pipelines that deploy to different environments

Proposed Solution

Introduce a profile system (similar to aws-cli profiles, kubectl contexts, or gcloud configurations).

CLI interface

# Save a named profile
dokploy auth --profile prod -u https://panel.example.com -t <api-key>
dokploy auth --profile staging -u https://staging.example.com -t <api-key>
dokploy auth --profile client-acme -u https://panel.example.com -t <org-scoped-key>

# List profiles
dokploy profiles list
#  * prod       https://panel.example.com
#    staging    https://staging.example.com
#    client-acme https://panel.example.com

# Switch active profile
dokploy profiles use staging

# Show current profile
dokploy profiles current

Config file (~/.dokploy/config.json)

{
  "currentProfile": "prod",
  "profiles": {
    "prod": {
      "url": "https://panel.example.com",
      "token": "<api-key>"
    },
    "staging": {
      "url": "https://staging.example.com",
      "token": "<api-key>"
    },
    "client-acme": {
      "url": "https://panel.example.com",
      "token": "<org-scoped-api-key>"
    }
  }
}

Key changes

  1. client.tsreadAuthConfig() resolves credentials in this order:

    • --profile <name> global flag (highest priority)
    • DOKPLOY_PROFILE env var
    • DOKPLOY_URL + DOKPLOY_API_KEY env vars (backward compatible)
    • Active profile from config (stored in ~/.dokploy/config.json or similar)
    • Legacy config.json next to the package (backward compatible)

  2. commands/auth.ts — Add optional --profile <name> flag. When omitted, saves to a default profile for backward compatibility.

  3. New profiles command grouplist, use, current, remove.

  4. Global --profile flag — Allow overriding the active profile on any command: dokploy --profile staging project list.

Benefits

  • Backward compatible: existing single-key usage continues to work unchanged
  • No credential juggling: switch contexts with one command instead of re-authenticating
  • CI/CD friendly: use DOKPLOY_PROFILE=staging dokploy project list or --profile staging
  • Aligns with server capabilities: the Dokploy server already supports org-scoped API keys; the CLI just needs a way to use them conveniently

Related

  • The server API already supports organization-scoped API keys via user.createApiKey with metadata.organizationId
  • 22 CLI commands already accept --organizationId flags, meaning the server is multi-org aware but the CLI auth layer is not

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions