Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From admin-devops
Manage Cloudflare DNS records and zones from the terminal with the cf CLI (coollabsio/cloudflare-cli). Full DNS CRUD, zone listing, filtered queries, proxied record toggling, and JSON output for scripting. Use when: managing DNS records via CLI, listing Cloudflare zones, creating/updating/deleting DNS records, automating Cloudflare DNS workflows, or troubleshooting zone-scoped token permission errors, "cf: command not found", config file issues.
npx claudepluginhub joshuarweaver/cascade-code-devops-misc-1 --plugin evolv3-ai-vibe-skillsHow this skill is triggered — by the user, by Claude, or both
Slash command
/admin-devops:cloudflare-cliThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
```bash
Provisions Cloudflare infrastructure using OpenTofu/Terraform for zones, DNS records, WAF rules, SSL settings, Page Rules, and cache configurations.
Hits Cloudflare REST API for bulk/fleet ops: DNS records, custom hostnames, email routing, cache purge, WAF/redirect rules, D1 cross-DB queries, R2/KV bulk, Vectorize/Queues. Outputs curl/scripts.
Adds, updates, deletes, and lists DNS records (A, AAAA, CNAME, MX, TXT, SRV, CAA, NS) for Zeabur-registered domains via the Zeabur CLI.
Share bugs, ideas, or general feedback.
# Linux/macOS (global)
curl -fsSL https://raw.githubusercontent.com/coollabsio/cloudflare-cli/main/scripts/install.sh | bash
# Linux/macOS (user, no sudo)
curl -fsSL https://raw.githubusercontent.com/coollabsio/cloudflare-cli/main/scripts/install.sh | bash -s -- --user
# Via Go
go install github.com/coollabsio/cloudflare-cli@latest
# From source
git clone https://github.com/coollabsio/cloudflare-cli.git
cd cloudflare-cli && go build -o cf .
Windows: Download the binary from GitHub Releases or build from source with go build -o cf.exe .
Create an API token in Cloudflare Dashboard → My Profile → API Tokens with permissions:
# Save token to config (recommended)
cf auth save <YOUR_API_TOKEN>
# Verify connection
cf auth verify
cf zones list
cf dns list example.com
cf dns create example.com -t A -n www -c 192.0.2.1 --proxied
Three methods, in priority order (higher overrides lower):
cf auth save <token>
# Saves to ~/.cloudflare/config.yaml
Config file contents:
api_token: your-api-token-here
output_format: table
export CLOUDFLARE_API_TOKEN=your-api-token
# OR
export CF_API_TOKEN=your-api-token
export CLOUDFLARE_API_KEY=your-api-key
export CLOUDFLARE_API_EMAIL=your-email
Priority: Environment variables override config file values.
| Permission | Scope | Required For |
|---|---|---|
| Zone:Read | All zones (recommended) | cf zones list, zone name resolution |
| DNS:Read | Target zones | cf dns list, cf dns get, cf dns find |
| DNS:Edit | Target zones | cf dns create, cf dns update, cf dns delete |
CRITICAL: Zone-scoped tokens (restricted to specific zones) cannot list zones or resolve zone names to IDs. See Known Issues.
cf zones list # List all zones in account
cf zones get example.com # Get zone details by name
cf zones get 023e105f4ecef8ad9ca31a... # Get zone details by ID
Both zone names and zone IDs are accepted in all commands.
cf dns list <zone> # All records
cf dns list <zone> --type A # Filter by type
cf dns list <zone> --type A -t CNAME # Multiple types
cf dns list <zone> --name www # Filter by name
cf dns list <zone> --search "production" # Search in comments/content
cf dns list <zone> -t A -n www # Combined filters
cf dns get <zone> <record-id>
# A record
cf dns create <zone> -t A -n www -c 192.0.2.1
# CNAME with proxy
cf dns create <zone> -t CNAME -n blog -c example.com --proxied
# MX with priority
cf dns create <zone> -t MX -n mail -c mail.example.com --priority 10
# TXT record
cf dns create <zone> -t TXT -n _acme -c "verification-string"
# A record with comment
cf dns create <zone> -t A -n api -c 192.0.2.10 --comment "Production API"
Create flags:
| Flag | Short | Required | Purpose |
|---|---|---|---|
--type | -t | Yes | Record type (A, AAAA, CNAME, MX, TXT, etc.) |
--name | -n | Yes | Record name (subdomain or @) |
--content | -c | Yes | Record value (IP, hostname, text) |
--ttl | No | TTL in seconds (default: 1 = auto) | |
--proxied | No | Route through Cloudflare CDN (boolean) | |
--priority | No | Priority (MX, SRV records) | |
--comment | No | Record comment/note |
cf dns update <zone> <record-id> --content 192.0.2.2
cf dns update <zone> <record-id> --proxied
cf dns update <zone> <record-id> --proxied=false
cf dns update <zone> <record-id> --comment "Updated comment"
cf dns update <zone> <record-id> --comment "" # Clear comment
cf dns update <zone> <record-id> -t A -n newname -c 192.0.2.3 # Multiple fields
Update accepts the same flags as create. Only specified flags are changed.
cf dns delete <zone> <record-id>
cf dns find <zone> --name www --type A
cf dns find <zone> -n api -t A
cf dns find <zone> --type MX
find returns matching records. Useful for scripting when you need to look up a record ID before updating or deleting.
cf config set <key> <value> # Set configuration value
cf config get <key> # Get configuration value
cf config list # List all settings
Available keys:
| Key | Values | Default | Purpose |
|---|---|---|---|
output_format | table, json | table | Default output format |
cf dns list example.com # Table (default, human-readable)
cf dns list example.com --output json # JSON for automation
cf dns list example.com -o json # Short flag
# Set JSON as default
cf config set output_format json
# Pipe to jq for filtering
cf dns list example.com -o json | jq '.[].name'
# Extract record IDs
cf dns list example.com -o json | jq -r '.[].id'
cf auth verify--output json for scripting and piping to jq--comment on records for documentationcf zones list (will fail with permission error)cf auth save insteadcf dns find or cf dns get)--proxied is safe for all record types (only works with A, AAAA, CNAME)Claude has limited training data for cf CLI (released Dec 2024). Common hallucinations:
cf, NOT cloudflare or cloudflare-clicf zones list NOT cf zone list (plural "zones")cf dns create NOT cf dns addcf dns delete NOT cf dns removecf auth save <token> NOT cf auth login or cf login--output json / -o json NOT --format json or --jsoncf dns list example.com NOT cf dns list --zone example.comFor complete correction patterns, see references/correction-rules.md.
This skill prevents 3 documented issues:
Error: Permission error when using cf zones list or resolving zone names
Cause: API token restricted to specific zones cannot list all zones or resolve names to IDs
Prevention: Either grant "All zones" read permission, or use zone IDs directly:
# Instead of zone name (fails with scoped token):
cf dns list example.com
# Use zone ID (always works):
cf dns list 023e105f4ecef8ad9ca31a8b...
Error: Config file not found or auth not persisting
Cause: ~/.cloudflare/ directory doesn't exist on Windows
Prevention: Ensure directory exists before saving auth:
mkdir -p ~/.cloudflare
cf auth save <token>
Windows config location: %USERPROFILE%\.cloudflare\config.yaml
Error: cf: command not found after running install script
Cause: Binary not on PATH or installed to unexpected location
Prevention: Check install location and add to PATH:
# Check if binary exists
which cf || ls /usr/local/bin/cf || ls ~/bin/cf
# User install adds to ~/bin — ensure it's on PATH
export PATH="$HOME/bin:$PATH"
cf update # Download and install latest version
cf version # Show current version
| Flag | Short | Purpose |
|---|---|---|
--config | Path to config file (default: ~/.cloudflare/config.yaml) | |
--output | -o | Output format: table (default) or json |