Go from installer to first Cloudflare audit with the shortest safe path: vault setup, token validation, zone discovery, scan execution, and findings review.
- Installer path and first launch
- Vault setup
- Cloudflare connection validation
- First scan and findings review
Applies to
WindowsmacOSLinux
Covers
SetupWorkspacesConnectionsScansFindings
Quickstart
Before you start
You need:
- a supported desktop OS
- a Cloudflare API token with read-oriented access for the surfaces you want to audit
- at least one account or zone you are allowed to inspect
If the token cannot access a surface, CF Guard Desk will report the gap instead of pretending the surface is clean.
Install the app
- Download the current desktop build from the public download page.
- Install the build for your platform.
- Launch the app.
Create the vault
On first launch:
- Create a local vault passphrase.
- Confirm the passphrase.
- Unlock the vault to continue.
Create a workspace
Use a separate workspace when:
- you are auditing a different client
- you want a clean environment boundary
- you need to separate internal production from lab or staging work
Add a Cloudflare connection
Enter the Cloudflare API token and run validation.
Validation should confirm:
- the token is structurally valid
- the app can reach Cloudflare
- capabilities are discoverable
- zones can be listed if the token scope allows it
Run the first scan
For the first pass, use Quick Scan.
After the first Quick Scan:
- Open the dashboard.
- Check posture score and high-risk indicators.
- Open the findings explorer.
- Confirm at least one finding or explicit visibility statement exists.