About Account

Understand your access

When you register for an account, either through the Prelude CLI or the Build interface, you are provided an identifier and token pair that can be used to access the Prelude Service API.

Each Prelude action is governed by a set of permissions:


Upon registration, you are given a token with an ADMIN level permission, which grants access to all actions exposed through the CLI and Build interfaces. These credentials are cached inside Build and can also be exported to a keychain file. If you export them (recommended), you should save them to ~/.prelude/keychain.ini. This allows you to use the Prelude CLI with the same authentication as your Build instance.

You can create additional users with more granular permissions for each new use case or person you want to join your team.


Permissions are tiered, so each permission below also includes the ones above it.


Allows registration of new endpoints to your account, for use with Detect.


All access to the Build UI and all build/compute services in the CLI.


Provides access to Detect results, both aggregate and granular.


Manages users within a Prelude account and enables/disables security tests for your endpoints.

Working as a team

Build supports multiple users per Prelude account.

With the following command you can create a user that only has access to Build.

prelude iam create-user <HANDLE> --permission BUILD

You can revert those changes by deleting the user.

prelude iam delete-user <HANDLE>

Users in the same account will see each other's security tests and (compiled) VSTs.