Iris
CLI & CI/CD

API keys

Project-scoped keys that authenticate the CLI and CI integrations.

API keys authenticate non-interactive callers — the CLI and anything else hitting the CI endpoints. Keys are scoped to a single project.

Creating a key

  1. Open the project's settings page (you need the project owner or admin role).
  2. Create a key with a descriptive name (e.g. github-actions), a role, and an optional expiry date.
  3. Copy the raw key — it starts with iris_ and is shown exactly once. Iris stores only a hash; the key can never be retrieved again.

Store it in your CI provider's secret store (e.g. a GitHub Actions secret named IRIS_KEY).

Roles

RoleIntended use
CITrigger runs and poll their status — what pipelines need
ADMINElevated programmatic access to the project

Use CI for pipelines; grant ADMIN only where strictly necessary.

Managing keys

The settings page lists each key's name, prefix, role, last-used time, and expiry. Revoking a key deletes it immediately — callers using it start receiving authentication errors on their next request.

Treat keys like passwords: one key per integration, set expiry dates where you can, and revoke keys you no longer use.

CLI reference

Trigger Iris test runs from any pipeline with the iris CLI.

GitHub Actions

Gate your pipeline on Iris test results.

On this page

Creating a keyRolesManaging keys