Prelude made major changes to platform authentication the week of March 24, 2025, including the deprecation of legacy token-based authentication. In the weeks before the update, Prelude asked users to upgrade the CLI to migrate the keychain file format ahead of the platform upgrade. Users who did not upgrade the CLI before the platform upgrade need to update their keychain file manually.
The keychain file needs to be updated with the user handle (email address).
Where is my keychain?
macOS/Linux - $HOME/.prelude/keychain.ini
Windows - %USERPROFILE%\.prelude\keychain.ini
Original keychain.ini format/contents
[myexample]
hq = https://api.us1.preludesecurity.com
account = aa12345ef5276ccf181b55a5c3c01199
token = 12345678-cf00-45e9-a731-cfa70d52bec4
Updated keychain.ini
[myexample]
hq = https://api.us1.preludesecurity.com
account = aa12345ef5276ccf181b55a5c3c01199
handle = someone@preludesecurity.com
The INI file must include the user handle. The token is no longer valid or used and can be removed. We have also added OIDC support for the CLI. If OIDC is used for the user account (handle), then the INI file would look like this:
Updated keychain.ini for OIDC login
[myexample]
hq = https://api.us1.preludesecurity.com
oidc = custom
handle = someone@preludesecurity.com
account = aa04201ef5276ccf181b55a5c3c01199
slug = production-prelude-company
NOTE: The default oidc slug is the account number. If you don't remember your slug, you can view it in your Prelude console by navigating to Settings and then "OpenID Connect Settings".
NOTE: Set oidc to "custom" for SSO or "google" for Google social login, and omit it if you are not using OIDC. Any other value is treated as "not present".
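The manual update described above can be scripted. The following is an added example, not Prelude's own code: it removes the legacy token from every profile, adds a missing handle, and reports oidc values that would be treated as "not present". The function name migrate_keychain, the handles mapping and the "sso-profile" section are assumptions made for illustration.

```python
import configparser
import io

# Per the page: "custom" = SSO, "google" = Google social login;
# any other value is treated as if oidc were not present.
OIDC_VALUES = {"custom", "google"}

# Constructed sample: the page's legacy profile plus a hypothetical
# profile ("sso-profile") carrying an unrecognized oidc value.
SAMPLE = """\
[myexample]
hq = https://api.us1.preludesecurity.com
account = aa12345ef5276ccf181b55a5c3c01199
token = 12345678-cf00-45e9-a731-cfa70d52bec4

[sso-profile]
hq = https://api.us1.preludesecurity.com
oidc = okta
handle = someone@preludesecurity.com
account = aa04201ef5276ccf181b55a5c3c01199
"""

def migrate_keychain(ini_text, handles):
    """Return (migrated_ini_text, notes); handles maps profile -> email."""
    # interpolation=None keeps any '%' in values literal.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    notes = []
    for profile in cfg.sections():
        # The legacy token is no longer valid or used; do not keep it on disk.
        if cfg.remove_option(profile, "token"):
            notes.append(f"{profile}: removed legacy token")
        if not cfg.has_option(profile, "handle"):
            if profile in handles:
                cfg.set(profile, "handle", handles[profile])
                notes.append(f"{profile}: added handle")
            else:
                notes.append(f"{profile}: handle missing (required)")
        oidc = cfg.get(profile, "oidc", fallback=None)
        if oidc is not None and oidc not in OIDC_VALUES:
            notes.append(f"{profile}: oidc={oidc!r} is treated as not present")
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue(), notes

if __name__ == "__main__":
    text, notes = migrate_keychain(SAMPLE, {"myexample": "someone@preludesecurity.com"})
    print(text)
    print("\n".join(notes))
```

To apply it, pass in the contents of the keychain file from the path listed above and write the returned text back after keeping a copy of the original.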