FQL v4 will be decommissioned on June 30, 2025. Ensure that you complete your migration from FQL v4 to FQL v10 by that date.

For more details, see the v4 EOL announcement and migration guide. Contact support@fauna.com with any questions.


Create a Fauna endpoint in the configuration file based on your Fauna credentials.


fauna cloud-login [OPTIONS]


The cloud-login command prompts you for your Fauna credentials, and if you authenticate successfully, creates a cloud endpoint in the configuration file that you can use to query your top-level Fauna database.

There are several prompts that help you to create endpoints that work with region groups, GitHub and Netlify authentication, or secrets for existing databases:

  • Endpoint alias prefix: Since the introduction of region groups, you might need to access databases in multiple Region Groups. This prompt asks you for a prefix that can be applied to multiple Region Group endpoints.

  • How do you prefer to authenticate?: This prompt asks you for your authentication preference:

    • Email and Password: You can use your Fauna Dashboard credentials to authenticate.

      When you choose this option, you are then asked for your email address and password.

    • Secret: You can use a secret for an existing database, similar to how your client applications would authenticate.

      When you choose this option, you are then asked for a secret, which is the authentication bearer token acquired by creating a key or token.

      You are then asked which Region Group to connect to, EU, or US. The secret is associated with a database in a region: if you choose incorrectly, a "could not connect" error displays and you are prompted for your secret again.

  • Multi-factor authentication: When multi-factor authentication (MFA) is enabled for your account in the Dashboard, the cloud-login function prompts you for the current (time-based) multi-factor authentication code — you can see the current code in your authenticator app. If you do not enter the correct code, cloud-login exits with an error. Note that this does not occur when you authenticate using a secret.

  • Default endpoint: When your fauna-shell configuration file has an existing endpoint, you are asked whether the new endpoint that cloud-login creates should be made the default.


Option Description


Optional Fauna server domain, that is, the hostname where Fauna is running. Defaults to db.fauna.com.


Optional name of the endpoint to use for the command.


Optional connection port. Defaults to 8443.


Optional connection scheme. Must be one of https or http. Defaults to https.


Optional secret to use. A secret authenticates your connection to Fauna, and connects you to a database.


Optional connection timeout, an integer number of milliseconds. When the interval has elapsed, fauna-shell stops waiting for a response and displays an error.

The default is zero, which means that fauna-shell waits until a response is received.


The following example demonstrates the use of cloud-login, and the prompts for email/secret and password:

$ fauna cloud-login
? The endpoint alias prefix (to combine with a region): cloud
? How do you prefer to authenticate? Email and Password
? Email address: docs@fauna.com
? Password: [hidden]
? Enter your multi-factor authentication code 377277
? Endpoints created. Would you like to set one of them as default? Keep 'cloud'
endpoint as default
Endpoint 'cloud' set as default endpoint.

After a successful login, your configuration file now has a cloud endpoint that includes the secret to access your top-level database. The configuration file should resemble:



Is this article helpful? 

Tell Fauna how the article can be improved:
Visit Fauna's forums or email docs@fauna.com

Thank you for your feedback!