# Stripe CLI keys and permissions

Learn about default Stripe CLI keys and permissions.

For more details, see the [Stripe CLI reference](https://docs.stripe.com/cli.md).

By default, you can use your account’s [secret keys](https://docs.stripe.com/keys.md#secret-and-restricted-keys) to perform any API request without restriction. When you run the `stripe login` command to authenticate to the Stripe CLI, the CLI generates a set of restricted keys for your account (one for a sandbox, one in live mode) that are valid for 90 days.

## Restricted keys

Unlike an API secret key, a restricted key generated by the Stripe CLI has restrictions on the API requests that it can perform. You can create new restricted keys in the Dashboard with different restrictions, or specify any API key using the `--api-key` flag.

### View your keys

The CLI stores your keys in the **Restricted keys** section on the [API keys](https://dashboard.stripe.com/apikeys) page, and on your local machine in `~/.config/stripe/config.toml`.

### View your permissions

Use these steps to view the permissions associated with your restricted key:

1. Open the [API keys](https://dashboard.stripe.com/apikeys) page.
1. Scroll down to the **Restricted keys** section.
1. Hover over the **Info** icon (:info:) next to your **CLI key** name to view permissions.

## Specify an API key

Use the `--api-key` flag to specify your API secret key inline each time you send a request:

```bash
stripe login --api-key <<YOUR_SECRET_KEY>>
```