Phala Cloud CLI Reference
A command-line tool for managing Trusted Execution Environment (TEE) deployments on Phala Cloud, from local development to cloud deployment.
Last updated
Was this helpful?
A command-line tool for managing Trusted Execution Environment (TEE) deployments on Phala Cloud, from local development to cloud deployment.
Last updated
Was this helpful?
Bun for runtime and package management
TypeScript for type safety
Commander.js for CLI interface
Zod for runtime validation
Install via npm or use npx/bunx
To deploy applications to Phala Cloud, you'll need an API key:
After logging in, navigate to the "API Keys" section in your profile
Create a new API key with an appropriate name (e.g., "CLI Access")
Copy the generated API key - you'll need it for authentication
You can verify your API key using:
Provide a name and select from the drop down of examples
Develop and test your application locally with the built-in TEE simulator:
Deploy your application to Phala's decentralized TEE Cloud:
Private Trading Algorithms: Execute proprietary trading strategies without revealing algorithms
Secure Multi-Party Computation: Perform financial calculations across organizations without exposing sensitive data
Compliant Data Processing: Process regulated financial data with provable security guarantees
Medical Research: Analyze sensitive patient data while preserving privacy
Drug Discovery: Collaborate on pharmaceutical research without exposing intellectual property
Health Record Processing: Process electronic health records with HIPAA-compliant confidentiality
Secure Key Management: Generate and store cryptographic keys in hardware-protected environments
Threat Intelligence Sharing: Share cyber threat data across organizations without exposing sensitive details
Password Verification: Perform credential validation without exposing password databases
Confidential Analytics: Process sensitive business data without exposure to cloud providers
IP Protection: Run proprietary algorithms and software while preventing reverse engineering
Secure Supply Chain: Validate and process sensitive supply chain data across multiple organizations
Private Smart Contracts: Execute contracts with confidential logic and data
Decentralized Identity: Process identity verification without exposing personal information
Trustless Oracles: Provide verified external data to blockchain applications
The Phala Cloud CLI is organized around core workflows:
Authentication: Connect to your Phala Cloud account
TEEPod Info: Fetch information about TEEPods (TEEPods are where your docker apps deploy to)
Docker Management: Build and manage Docker images for TEE
TEE Simulation: Local development environment
Cloud Deployment: Deploy to production and manage TEE Cloud deployments
Timelock Encryption: Encrypt messages that can only be decrypted after a specified time
Light Client: A lightweight blockchain client implementation
SSH Over TEE Proxy: Secure SSH tunneling through a TEE
Web Shell: Browser-based secure terminal
Custom Domain: Deploy with your own domain name
Private Docker Image: Deploy using private Docker registries
The TEE Cloud CLI employs several security measures:
Encrypted Credentials: API keys and Docker credentials are stored with encryption using a machine-specific key
Restricted Permissions: All credential files are stored with 0600 permissions (user-only access)
No Validation Storage: API keys are not validated during login, preventing unnecessary transmission
Local Storage: All credentials are stored locally in the ~/.phala-cloud/ directory
Common issues and solutions:
Docker Build Fails
Verify Docker daemon is running
Check Dockerfile path
Ensure proper permissions
Simulator Issues
Check if port 8090 is available
Verify Docker permissions
Cloud Deployment Fails
Validate API key
Confirm image exists on Docker Hub
Check environment variables
For detailed help:
Visit to log into your Phala Cloud account. If you do not have an account, register with this link with .
Now interact with your application in Phala Cloud by going to the url on port 7681 (Example of what a url at port 7681 would look like )
Explore these to understand different use cases for TEE deployment: