Skip to main content

Documentation Index

Fetch the complete documentation index at: https://fireblocks-43c4b3ee-chore-add-cli.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

The CLI authenticates to the Fireblocks API using the same JWT-signing mechanism as the official SDKs: each request is signed with your RSA private key and identified by your API key.

Prerequisites

You need:
  • A Fireblocks API key — obtained from the Fireblocks Console under Developer Center > API Users
  • An RSA private key — the .key file generated when creating the API user
See Quickstart for instructions on creating an API user and generating a key pair.

Credential Resolution Order

The CLI resolves credentials in priority order:
  1. CLI flags--api-key and --secret-key passed directly on the command line
  2. Environment variablesFIREBLOCKS_API_KEY and FIREBLOCKS_SECRET_KEY (or FIREBLOCKS_SECRET_KEY_PATH)
  3. Config file profile — stored in ~/.config/fireblocks/config.json
If no credentials are found, the CLI exits with an error and instructions for how to configure them.

Interactive Setup

The easiest way to configure credentials is the interactive configure command: 
fireblocks configure
This prompts for your API key, the path to your private key file, and optionally a base URL override. Credentials are written to ~/.config/fireblocks/config.json with file permissions 0600. To configure a named profile: 
fireblocks configure --profile staging
To switch the default profile: 
fireblocks configure --set-default=staging

Config File Format

{
  "defaultProfile": "default",
  "profiles": {
    "default": {
      "apiKey": "your-api-key",
      "privateKeyPath": "/path/to/fireblocks_secret.key"
    },
    "staging": {
      "apiKey": "staging-api-key",
      "privateKeyPath": "/path/to/staging_secret.key",
      "baseUrl": "https://sandbox-api.fireblocks.io"
    }
  }
}

Environment Variables

For CI/CD pipelines and non-interactive environments, set credentials as environment variables:
VariableDescription
FIREBLOCKS_API_KEYYour Fireblocks API key
FIREBLOCKS_SECRET_KEYRSA private key — inline PEM content or a file path
FIREBLOCKS_SECRET_KEY_PATHFile path to your RSA private key (alternative to FIREBLOCKS_SECRET_KEY)
FIREBLOCKS_BASE_URLBase URL override (default: https://api.fireblocks.io)
export FIREBLOCKS_API_KEY="your-api-key"
export FIREBLOCKS_SECRET_KEY_PATH="/path/to/fireblocks_secret.key"

fireblocks vaults get-paged-vault-accounts
You can also pass inline PEM content directly — useful when pulling key material from a secrets manager: 
export FIREBLOCKS_SECRET_KEY="-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAK...
-----END RSA PRIVATE KEY-----"

CLI Flags

Pass credentials directly on the command line to override environment variables and the config file: 
fireblocks vaults get-paged-vault-accounts \
  --api-key "your-api-key" \
  --secret-key "/path/to/fireblocks_secret.key"
--secret-key accepts either a file path or an inline PEM string.

Multiple Profiles

Use profiles to manage multiple workspaces or environments: 
# Configure a sandbox profile
fireblocks configure --profile sandbox

# Use the sandbox profile for a command
fireblocks vaults get-paged-vault-accounts --profile sandbox

API Base URL

The default base URL is https://api.fireblocks.io. Override it per command, in a profile, or via FIREBLOCKS_BASE_URL.
EnvironmentBase URL
US Mainnet / Testnethttps://api.fireblocks.io (default)
US Sandboxhttps://sandbox-api.fireblocks.io
EU Mainnet / Testnethttps://eu-api.fireblocks.io
EU2 Mainnet / Testnethttps://eu2-api.fireblocks.io
fireblocks vaults get-paged-vault-accounts \
  --base-url https://sandbox-api.fireblocks.io

Verify Your Setup

Run whoami to confirm credentials are configured correctly and that the API key can authenticate: 
fireblocks whoami
This calls GET /v1/users/me and returns the masked API key, base URL, and user details on success. To preview the resolved auth context without making a network call: 
fireblocks whoami --dry-run