Every request to the Vast.ai API requires an API key. The CLI stores your key locally and includes it automatically in every command. This page covers how to set up, verify, and manage API keys through the CLI.
Set Your API Key
After creating a key from the Keys page, store it locally:
vastai set api-key YOUR_API_KEY
~/.config/vastai/vast_api_key (or $XDG_CONFIG_HOME/vastai/vast_api_key if that env var is set). All subsequent commands use it automatically.
Environment Variable (CI/CD)
Instead of storing the key in a file, you can set it as an environment variable:
export VAST_API_KEY="your_api_key_here"
If you previously used an older version of the CLI, your key may be at the legacy location
~/.vast_api_key. The CLI migrates it automatically to ~/.config/vastai/vast_api_key on next
run, so no manual action is needed.
Verify Your Key
Confirm your key works by fetching your account info:
A successful response includes your user ID, email, and balance:
{
"id": 123456,
"email": "you@example.com",
"credit": 25.00,
"ssh_key": "ssh-rsa AAAAB3..."
}
If you get an authentication error, double-check your API key. The most common causes are a typo, an expired key, or a scoped key that lacks the required permission for the command you’re running.
Create an API Key
You can create new keys from the CLI:
vastai create api-key --name "ci-deploy-key"
vastai create api-key --name "ci-deploy-key" --permission_file perms.json
View and Delete Keys
List all API keys on your account:
View a specific key’s details by ID:
Delete a key:
Key Expiration
API keys do not expire by default. You can revoke a key at any time from the Keys page or with vastai delete api-key.
Treat your API key like a password. Do not commit keys to version control or share them in plaintext. If a key is compromised, revoke it immediately and create a new one.
