Prerequisites

Starting the server

Run the server with default settings (SQLite database, port 3000):

cargo run -p prism-server

The server stores its database at prism.db in the current directory. All API endpoints are available under /api/v1/.

Step-by-step setup

  1. Create an organization

    Every resource in Prism lives inside an organization. Create your first one and set an admin username and password.

    prism organizations create \
      --name "My Org" \
      --admin-username admin \
      --admin-password changeme

    Note the slug in the response — you will use it to log in.

  2. Log in as the organization admin

    Authenticate with the org slug and admin credentials. The CLI saves the returned JWT for subsequent requests under the default profile.

    prism auth login \
      --org my-org \
      --username admin \
      --password changeme

  3. Create a project

    Projects group service accounts, stores, and policies within an organization.

    prism projects create --name "my-project"

  4. Create a service account

    Service accounts are machine identities tied to a project.

    prism service-accounts create \
      --project my-project \
      --name deployer

  5. Create an API key for the service account

    API keys allow a service account to authenticate without a signed JWT.

    prism service-accounts api-keys create \
      --project my-project \
      --service-account-id deployer \
      --description "CI key"

    Copy the returned key — it is only shown once.

  6. Authenticate as the service account

    Exchange the API key for a Prism JWT and verify the identity.

    # Log in with the API key (saves a token to the current profile)
    prism auth sa-login-with-apikey \
      --api-key "prism_<your_key>"
    
    # Check who you are
    prism auth caller-identity

    The response shows the service account's canonical subject, org, and project.
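
An added example, not part of the Prism documentation: a wrapper for running step 6 from a CI job that rejects an empty or placeholder key before calling the CLI and keeps the key out of shell trace output. PRISM_API_KEY and the function names are hypothetical, and the prefix check assumes every key starts with prism_ as in the placeholder above.

```shell
#!/bin/sh
# Added example. PRISM_API_KEY is a hypothetical variable name that the CI
# system is assumed to populate from its secret store.

# Return 0 only if the value looks like an issued key, not the placeholder.
# Assumption: issued keys always carry the "prism_" prefix.
check_api_key() {
  key=$1
  case $key in
    '')            echo "API key is empty" >&2; return 1 ;;
    *'<'*|*'>'*)   echo "API key is still the placeholder" >&2; return 1 ;;
    *[[:space:]]*) echo "API key contains whitespace" >&2; return 1 ;;
    prism_?*)      return 0 ;;
    *)             echo "API key lacks the prism_ prefix" >&2; return 1 ;;
  esac
}

# Exchange the key for a token, then print the resulting identity.
sa_login() {
  # If the job runs under `set -x`, switch tracing off around the key so it
  # is not echoed into the build log, and restore it afterwards.
  restore=:
  case $- in *x*) set +x; restore='set -x' ;; esac

  rc=0
  if check_api_key "${PRISM_API_KEY:-}"; then
    # The key is still visible in the prism process arguments while it runs.
    prism auth sa-login-with-apikey --api-key "$PRISM_API_KEY" || rc=$?
  else
    rc=1
  fi
  $restore
  [ "$rc" -eq 0 ] || return "$rc"

  # Record which subject, org and project the saved token maps to.
  prism auth caller-identity
}

# Run only when invoked as: sh sa-login.sh login
if [ "${1:-}" = "login" ]; then
  sa_login
fi
```
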

Next steps