
one configure

Manage machine-level endpoint profiles for Infisical, object storage, Kubernetes, Vercel, Cloudflare, EdgeOne, and Docker registries.


one configure manages machine-level profiles, not application code. Profiles hold endpoints and credentials used later by one env, one container, one deploy, and one run.

Usage

one configure
one configure add
one configure add <pair> --profile <name> [backend flags...] [--use]
one configure list [pair]
one configure current [pair]
one configure show <pair> --profile <name> [--reveal]
one configure use <pair> --profile <name>
one configure remove <pair> --profile <name>
one configure locale [auto|zh-CN|en-US]

Bare one configure and one configure add open the interactive wizard. Scripts, CI, and agents should pass <pair>, the profile name, and backend flags explicitly.

Interactive Mode

For local human setup, use the wizard:

one configure
one configure add

The wizard first asks which (domain, backend) to configure, such as env/infisical, deploy/aws-s3, or container/docker. Then it asks for profile name, endpoint, token, access keys, kubeconfig, or registry fields as needed. Secret fields use password-style input.

Scripts, CI, and agents should not wait for the wizard; pass the pair, profile name, and backend flags explicitly.

Supported pairs

| pair | purpose |
| --- | --- |
| env/infisical | Infisical site URL + Universal Auth client id / secret |
| deploy/aliyun-oss | Aliyun OSS object storage |
| deploy/tencent-cos | Tencent COS object storage |
| deploy/aws-s3 | AWS S3 |
| deploy/minio | self-hosted MinIO |
| deploy/rustfs | self-hosted RustFS |
| deploy/r2 | Cloudflare R2 |
| deploy/kustomize | Kubernetes kubeconfig + context |
| deploy/vercel | Vercel API token |
| deploy/cloudflare | Cloudflare API token |
| deploy/edgeone | Tencent EdgeOne Pages API token |
| container/docker | Generic Docker registry host, namespace, username, password |
| container/dockerhub | Docker Hub username, password/token, namespace |
| container/ghcr | GitHub Container Registry username, PAT, namespace |
| container/acr | Aliyun ACR region, username, password/token, namespace |

env/dotenv does not need a profile; it is for local .env workflows. The S3-compatible deploy backends share one profile shape, but each provider has its own backend ID.

Examples

one configure add env/infisical --profile work \
  --client-id "$INFISICAL_CLIENT_ID" \
  --client-secret "$INFISICAL_CLIENT_SECRET" \
  --use

one configure add deploy/aws-s3 --profile web-prod \
  --region us-east-1 \
  --access-key-id "$AWS_ACCESS_KEY_ID" \
  --access-key-secret "$AWS_SECRET_ACCESS_KEY" \
  --use

one configure add deploy/kustomize --profile prod-k8s \
  --kubeconfig ~/.kube/config \
  --kubeconfig-context prod \
  --use

one configure add container/ghcr --profile ghcr \
  --namespace "$GITHUB_USER" \
  --username "$GITHUB_USER" \
  --password "$GHCR_PAT" \
  --use

Resolution order

When a command needs a profile, it resolves in this order:

  1. --profile <name>
  2. project / workspace profile pins in one.manifest.json
  3. ~/.config/one/config.json#domain/backend.default

The same profile name can exist under different backends, for example prod under both deploy/aws-s3 and deploy/kustomize.

Storage

~/.config/one/
├── config.json         # non-secret fields: endpoint, region, default pointer
├── credentials.json    # secrets: clientSecret, accessKeySecret, password
└── cache/              # short-lived token cache

Both JSON files are written with mode 0600 (readable and writable by the owner only). show masks secrets by default; only show --reveal prints cleartext.
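To confirm that the store on a given machine still matches this layout, a check like the following can be run. It is an added example, not part of the one CLI; the file names and the 0600 expectation come from this section, while the symlink check and the cache/ permission check are assumptions that go beyond what the page states.

```shell
#!/bin/sh
# Added example: audit permissions of the one CLI profile store.
# Function names are hypothetical; paths and 0600 come from the Storage section.

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_one_store [DIR]: prints one line per finding, returns 0 when clean.
audit_one_store() {
  dir="${1:-$HOME/.config/one}"
  findings=0
  for name in config.json credentials.json; do
    path="$dir/$name"
    if [ -L "$path" ]; then
      echo "FINDING: $path is a symlink; inspect its target"
      findings=$((findings + 1))
    elif [ ! -f "$path" ]; then
      echo "INFO: $path not present (no profiles configured?)"
    else
      mode="$(file_mode "$path")"
      if [ "$mode" != "600" ]; then
        echo "FINDING: $path has mode $mode, expected 600"
        findings=$((findings + 1))
      fi
    fi
  done
  # Assumption: cached tokens should not carry any group/other permission bits.
  for f in "$dir"/cache/*; do
    [ -f "$f" ] || continue
    case "$(file_mode "$f")" in
      *00|0) ;;
      *) echo "FINDING: $f is accessible to group/other"; findings=$((findings + 1)) ;;
    esac
  done
  [ "$findings" -eq 0 ]
}
# Usage: audit_one_store            (audits ~/.config/one)
#        audit_one_store /some/dir  (audits a copy or another user's store)
```

A non-zero exit status means at least one finding was printed, so the function can gate a CI step or a login-time check.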

Output schemas

| command | schema |
| --- | --- |
| add | one-cli/configure-add/v1 |
| list <pair> | one-cli/configure-list/v1 |
| list | one-cli/configure-list-all/v1 |
| current <pair> | one-cli/configure-current/v1 |
| current | one-cli/configure-current-all/v1 |
| show | one-cli/configure-show/v1 |
| use | one-cli/configure-use/v1 |
| remove | one-cli/configure-remove/v1 |

Common errors

| code | fix |
| --- | --- |
| PROFILE_NONE_CONFIGURED | run one configure add <pair> --profile <name> --use |
| PROFILE_NOT_FOUND | run one configure list <pair> and use an existing name |
| PROFILE_BACKEND_INVALID | use a profile whose backend matches the target project |
| PROFILE_FILE_INVALID | repair or delete ~/.config/one/config.json / credentials.json, then recreate profiles |
| PROFILE_VERSION_UNSUPPORTED | recreate old configs under the current (domain, backend) layout |
