-
-
Notifications
You must be signed in to change notification settings - Fork 5
Login
rhoopr edited this page Apr 13, 2026
·
3 revisions
Authenticate with iCloud and validate your session. Doesn't download anything.
Replaces the deprecated --auth-only flag.
# Interactive login - prompts for 2FA code
kei login -u my@email.address
# Headless / Docker - two-step flow
kei login get-code -u my@email.address
kei login submit-code 123456 -u my@email.address| Subcommand | Description |
|---|---|
| (none) | Authenticate interactively. Prompts for a 2FA code if needed. |
get-code |
Request a 2FA code be pushed to your trusted devices. |
submit-code <code> |
Submit a 6-digit 2FA code non-interactively. |
Running kei login without a subcommand handles the full flow: SRP-6a authentication, 2FA prompt, and session persistence. If the session is already valid, it exits immediately.
For Docker or cron environments where there's no TTY, split the flow into two steps:
- Run
kei login get-codeto trigger a 2FA push to your trusted Apple devices. - Read the code from your device, then run
kei login submit-code 123456.
The code accepts spaces and dashes (e.g., 123 456 or 123-456) - only the 6 digits matter.
See Docker for the full headless setup workflow.
Global flags (--username, --config, --data-dir, --domain, --log-level) apply to this command.
| Flag | Description |
|---|---|
-p, --password |
iCloud password |
--password-file |
Read password from a file |
--password-command |
Run a command to get the password |