bhatti user create
bhatti user create server only
Section titled “bhatti user create ”Create a user with an API key and per-user resource limits.
Synopsis
Section titled “Synopsis”sudo bhatti user create --name <name> [--max-sandboxes <n>] [--max-cpus <n>] [--max-memory <MB>]
Description
Section titled “Description”Allocates a new user record in the local SQLite database. The install
script already runs this once for admin during setup, so the first
time you’d call user create yourself is when you want to add a
teammate or a CI account.
Each user gets:
- A user ID (
usr_<8-hex>). - An API key (
bht_<64-hex>) — printed once, then only its SHA-256 hash is stored. Save the key immediately; it can’t be recovered. Useuser rotate-keyif it’s lost. - A subnet index — an integer assigned monotonically. The server uses it to derive a per-user
/24bridge network for sandbox isolation. You don’t need to think about it; it just shows up ininspectoutput. - Per-sandbox resource caps (
--max-cpus,--max-memory) and a per-user sandbox count cap (--max-sandboxes).
Records the user.created event in the audit log.
This is a server-only command — it operates directly on /var/lib/bhatti/state.db. Runs without the daemon needing to be up, but typically as sudo because the data dir is root-owned.
Examples
Section titled “Examples”sudo bhatti user create --name aliceUser created: ID: usr_a1b2c3d4 Name: alice Subnet: 2 API key: bht_abc123def456...
This key will not be shown again. Save it now.
For remote CLI use: bhatti setup --url https://your-server:8080 --token bht_abc123def456...# Custom limitssudo bhatti user create --name beefy \ --max-sandboxes 20 \ --max-cpus 8 \ --max-memory 16384Options
Section titled “Options”| Flag | Default | Description |
|---|---|---|
--name <string> | (required) | Username. Must be unique. |
--max-sandboxes <int> | 5 | Maximum concurrent sandboxes. |
--max-cpus <int> | 4 | Maximum vCPUs per sandbox (capped at create time). |
--max-memory <int> | 4096 | Maximum memory MB per sandbox (capped at create time). |
See Global flags for --url, --token, --json, --timing, --data-dir.
--data-dir is honoured here when you need to point at a non-default data directory.
See also
Section titled “See also”bhatti user listbhatti user rotate-key— replace a lost or compromised key- Users & auth — broader narrative on multi-tenant setup