Skip to main content
The CLI is self-documenting. Run cdp --help to see all commands, cdp evm --help to see actions in a group, or cdp evm accounts create --help to see fields, types, and examples for a specific action.

Auth and environments

The CLI uses two credentials, each serving a different purpose:
CredentialWhat it doesWhere to get it
API key (key ID + secret)Authenticates all requests to the CDP APIPortal → API Keys
Wallet secretAuthorizes account operations: creating accounts, signing, and sending transactionsPortal → Server Wallet
Both are stored in the OS keyring and used to generate short-lived JWTs for every request. Read-only operations like listing accounts or checking balances only need the API key. The wallet secret is additionally required whenever the request touches private key material.

Environments

An environment is a named credential set. The built-in live environment has the CDP API URL pre-configured. Only keys need to be supplied. 
cdp env live --key-file ./cdp-api-key.json
cdp env live --wallet-secret-file ./cdp_wallet_secret.txt
cdp env                                    # list all environments
cdp env live --remove                      # remove an environment
cdp env live --remove-wallet-secret        # remove wallet secret (keeps API key)
Multiple keys: Prefix live with any name to create additional environments that inherit live’s URL: 
cdp env live-team-a --key-id <id> --key-secret <secret>
cdp evm accounts list -e live-team-a    # use for one request
Custom environment names that don’t start with live require --url: 
cdp env custom --key-id <id> --key-secret <secret> --url https://api.cdp.coinbase.com/platform/v2

Headless / environment variable configuration

As an alternative to cdp env, the CLI can be configured entirely through environment variables. This is useful when secrets are managed externally (Vault, AWS Secrets Manager, etc.) or in headless environments without an OS keyring:
VariablePurpose
CDP_ENVActive environment name
CDP_KEY_IDAPI key ID
CDP_KEY_SECRETAPI key secret
CDP_WALLET_SECRETWallet secret
CDP_URLBase URL override
CDP_NO_HISTORYSet to 1 to disable request history
CDP_CONFIG_DIRConfig directory (default: ~/.config/cdp, %APPDATA%\cdp on Windows)

Request workflow

Every resource action (cdp <resource> <action>) follows the same workflow. These flags work on any action:

Discover

cdp evm accounts create --help       # see fields, types, response shape, example
cdp evm accounts create --template   # print the full request body as JSON

Compose

cdp evm accounts create name=my-wallet                   # inline fields
cdp evm accounts create --edit                           # open in $EDITOR
cdp evm accounts create @body.json                       # from file
echo '{"name":"my-wallet"}' | cdp evm accounts create -  # from stdin

Preview

cdp evm accounts create --dry-run    # show the assembled request without sending

Send and filter

cdp evm accounts create name=my-wallet
cdp evm accounts list --jq '.accounts[].address'   # filter response with jq
cdp evm accounts list --paginate                   # auto-follow nextPageToken

Reuse

The CLI saves the last successful request body per environment and action. On the next run, omit unchanged fields: 
cdp evm accounts create name=my-wallet   # saves on success
cdp evm accounts create                  # reuses saved values
cdp evm accounts create name=other       # overrides just the name
View or clear saved history with cdp history: 
cdp history        # show saved request history
cdp history clear  # clear all saved history

Field syntax

SyntaxMeaning
key=valueString body field
key:=valueRaw JSON body field (e.g. 'owners:=["0x..."]')
key==valueQuery parameter
a.b.c=valueNested body field
@file.jsonBody from file
-Body from stdin
Header:valueCustom HTTP header

The encode-sign-send pipeline

Sending a transaction is a three-step process: encode an unsigned transaction locally, sign it with the account’s private key in the Trusted Execution Environment (TEE), and send it to the network.

EVM

address=$(cdp evm accounts by-name my-wallet --jq '.address')

# 1. Encode — builds an unsigned EIP-1559 transaction
TX=$(cdp util tx-encode \
  --network base-sepolia \
  --to 0x4252e0c9A3da5A2700e7d91cb50aEf522D0C6Fe8 \
  --value 0.00001ether \
  --from $address)

# 2. Sign — signs with the account's private key in the TEE
SIGNED=$(cdp evm accounts sign transaction $address \
  transaction=$TX \
  --jq '.signedTransaction')

# 3. Send — broadcasts to the network
cdp evm accounts send transaction $address \
  network=base-sepolia \
  transaction=$SIGNED
For ERC-20 transfers, use abi-encode to build the calldata: 
DATA=$(cdp util abi-encode "transfer(address,uint256)" 0x4252e0c9A3da5A2700e7d91cb50aEf522D0C6Fe8 1000000)

TX=$(cdp util tx-encode \
  --network base-sepolia \
  --to 0x036CbD53842c5426634e7929541eC2318f3dCF7e \
  --data $DATA \
  --value 0 \
  --from $address)
# then sign and send as above

Solana

address=$(cdp solana accounts by-name my-sol-wallet --jq '.address')

# Encode (outputs base64)
TX=$(cdp util tx-encode \
  --network solana-devnet \
  --to <recipient> \
  --value 1000000 \
  --from $address)

# Sign
SIGNED=$(cdp solana accounts sign transaction $address \
  transaction=$TX \
  --jq '.signedTransaction')

# Send (Solana send does not take an address; it is inferred from the transaction)
cdp solana accounts send transaction \
  network=solana-devnet \
  transaction=$SIGNED

Smart accounts

Smart accounts (ERC-4337) use user operations instead of the encode-sign-send pipeline: 
cdp evm smart-accounts user-operations prepare-and-send 0xSmartAddr \
  network=base-sepolia \
  'calls:=[{"to":"0xRecipient","value":"10000000000000","data":"0x"}]' \
  paymasterUrl=https://paymaster.cdp.coinbase.com

cdp api

Browse the embedded API spec or make raw authenticated requests: 
cdp api                          # list all API groups
cdp api /evm                     # list all endpoints in a group
cdp api /evm/accounts --help     # full detail for endpoint(s) at that path
cdp api /evm/accounts            # GET request
cdp api -X POST /evm/accounts name=my-wallet   # POST request
cdp api /evm/accounts -v         # verbose (show headers)
Same field syntax as resource commands, plus Header:value for custom HTTP headers.

Client-side utilities

cdp util commands run locally. See cdp util <command> -h for full options.
CommandWhat it does
tx-encodeBuild an unsigned EVM or Solana transaction. Auto-fetches nonce/gas/blockhash when --from is provided. Supports --value 0.001ether and --value 0.5sol unit syntax.
tx-decodeDecode a raw transaction (hex for EVM, base64 for Solana) to inspect its contents.
abi-encodeABI-encode function calls ("transfer(address,uint256)" 0x... 1000) or raw value tuples.
encrypt-keyEncrypt a private key for account import using CDP’s RSA public key. Accepts --file or stdin.

Agent skills

Bundled skills teach AI agents complete workflows. Install them with cdp skills add. 
cdp skills list                # list installed skills
cdp skills add                 # install/update all bundled skills
cdp skills add --dir <path>    # install to a specific directory
cdp skills remove              # remove all installed skills
Skills cover: account creation and funding, the encode-sign-send pipeline, signing, import/export, smart accounts, spend permissions, token swaps, data queries, policies, end users, onramp, Solana, and x402.