gln profile init
Create or update a profile.
Synopsis
gln [global-options] profile init <name> --endpoint <url> --user <id>
[--backend {fints | ebics | revolut | wise}]
[--blz <code>] [--customer-id <id>]
[--host-id <id>] [--partner-id <id>] [--security-medium <code>]
[--product-id <id>] [--product-version <version>]
[--state-file <path>] [--key-file <path>]
[--ebics-key-blob-file <path>] [--ebics-sidecar-key-file <path>]
[--ebics-tls-pinned-public-key <pin>]
[--client-id <id>] [--private-key <path>] [--redirect-uri <url>]
[--set-default]
Options
| Argument or flag | Type | Required | Default | Description | Backends |
|---|---|---|---|---|---|
<name> | string | yes | - | Profile name. Must not contain path separators, drive markers, or ... | all |
--endpoint | string | yes | - | Backend endpoint URL. | all |
--user | string | yes | - | User ID stored on the profile. | all |
--backend | enum (fints | ebics | revolut | wise) | no | fints | Backend to bind to. | all |
--product-id | string | no | - | Product registration ID. Falls back to product_id/mail.txt when omitted. | all |
--product-version | string | no | 1.0 | Product version string. | all |
--state-file | path | no | - | Path to the persisted FinTS state file. FinTS profiles auto-derive a default path when omitted; EBICS, Revolut, and Wise profiles leave it empty. | all |
--key-file | path | no | - | Path to the FinTS state encryption key file. | all |
--set-default | flag | no | false | Mark this profile as the default after writing it. | all |
--blz | string | yes (FinTS profiles) | - | Bank code (BLZ). | FinTS |
--customer-id | string | no | - | Customer ID. | FinTS |
--host-id | string | yes (EBICS profiles) | - | EBICS host ID. | EBICS |
--partner-id | string | yes (EBICS profiles) | - | EBICS partner ID. | EBICS |
--security-medium | string | no | 0000 | EBICS security medium. | EBICS |
--ebics-key-blob-file | path | no | - | Path to the EBICS encrypted key blob. | EBICS |
--ebics-sidecar-key-file | path | no | - | Path to the EBICS sidecar encryption key. | EBICS |
--ebics-tls-pinned-public-key | string | no | - | Pinned TLS public key for the EBICS endpoint. Accepts sha256//... or a path to a PEM file. | EBICS |
--client-id | string | yes (Revolut profiles) | - | Revolut Business API client ID. | Revolut |
--private-key | path | yes (Revolut profiles) | - | RSA private key PEM used to sign Revolut client assertions. Must exist on disk. | Revolut |
--redirect-uri | string | no | https://example.com | OAuth redirect URI configured on the Revolut certificate. Must be an absolute http(s) URL. | Revolut |
Description
Writes a profile entry to the local registry, validating that the requested backend has its mandatory fields and rejecting cross-backend flag mixes. Run this before any backend-touching command on a freshly installed galanthus, or to update an existing profile in place.
Backend wise requires no Wise-specific flags here.
profile init stores profile configuration: endpoint, user and provider
identifiers, product metadata, local state/key path configuration, backend
binding, and the Revolut client certificate path. It does not read or store
runtime authentication secrets.
Secrets and setup material enter through the command that owns that workflow:
| Backend | Profile configuration in profile init | Setup/auth secret or material supplied elsewhere |
|---|---|---|
| FinTS | Endpoint, BLZ, user/customer ID, product ID, state/key paths. | PIN is supplied when opening FinTS-backed commands, for example by prompt or --pin-stdin. |
| EBICS | Endpoint, host ID, partner ID, user ID, security medium, key-store paths, optional TLS pin. | Subscriber keys are generated/reset by EBICS setup commands; bank-key digests are supplied to profile bank-keys verify. |
| Revolut | Endpoint, user ID, product ID, client ID, private-key path, redirect URI. | OAuth authorization code/state is supplied to profile auth login revolut, or collected through its browser loopback flow. |
| Wise | Endpoint, user ID, product ID, backend binding. | PersonalToken is supplied to profile auth login wise by hidden prompt or --token-stdin. |
Requirements
- Profile: required to create one
- Credential type: none; this command writes profile configuration only
- Backend prerequisites: None.
- Input mode: None.
Status and exit codes
| Status | Exit | Meaning | Continuation |
|---|---|---|---|
ok | 0 | Profile written to the registry. | - |
error | 1 | Profile name, endpoint, user, or backend-specific input invalid. | - |
Result keys: name, endpoint, bank_code, user_id, customer_id, product_id, product_version, backend, state_file, key_file, ebics_host_id, ebics_partner_id, ebics_security_medium, ebics_key_blob_file, ebics_sidecar_key_file, ebics_tls_pinned_public_key
Examples
gln profile init demo --endpoint https://bank.example/fints `
--blz 12345678 --user alice --product-id galanthus
gln profile init corp --backend ebics `
--endpoint https://bank.example/ebics `
--host-id BANKHOST --partner-id PARTNER --user alice `
--product-id galanthus
gln profile init rev --backend revolut `
--endpoint https://sandbox-b2b.revolut.com/api/1.0 `
--user alice --product-id galanthus `
--client-id YOUR_CLIENT_ID --private-key C:\keys\revolut.pem
gln profile init wise --backend wise `
--endpoint https://api.sandbox.transferwise.tech `
--user alice --product-id galanthus
Notes
--redirect-uridefaults tohttps://example.com. If you pass an empty value explicitly, profile creation substitutes the same default at validation time.- Revolut
--private-keyis a path to the client assertion signing key. The key bytes are read by Revolut auth/backend commands, not stored in the profile registry.