diff --git a/README.md b/README.md
index 6a5eed85..c9ae5954 100644
--- a/README.md
+++ b/README.md
@@ -135,7 +135,7 @@ B2_APPLICATION_KEY=<key> B2_APPLICATION_KEY_ID=<key-id> docker run --rm -e B2_AP
 or authorize once and keep the credentials persisted:
 
 ```bash
-docker run --rm -it -v b2:/root backblazeit/b2:latest b2v3 authorize-account
+docker run --rm -it -v b2:/root backblazeit/b2:latest b2v3 account authorize
 docker run --rm -v b2:/root backblazeit/b2:latest b2v3 list-buckets  # remember to include `-v` - authorization details are there
 ```
 
diff --git a/b2/_internal/_b2v4/registry.py b/b2/_internal/_b2v4/registry.py
index 36dabfaa..2fc9ec64 100644
--- a/b2/_internal/_b2v4/registry.py
+++ b/b2/_internal/_b2v4/registry.py
@@ -56,3 +56,6 @@
 B2.register_subcommand(License)
 B2.register_subcommand(InstallAutocomplete)
 B2.register_subcommand(NotificationRules)
+B2.register_subcommand(Key)
+B2.register_subcommand(Replication)
+B2.register_subcommand(Account)
diff --git a/b2/_internal/b2v3/registry.py b/b2/_internal/b2v3/registry.py
index 665ec1e1..ff8a98ed 100644
--- a/b2/_internal/b2v3/registry.py
+++ b/b2/_internal/b2v3/registry.py
@@ -136,3 +136,6 @@ class Ls(B2URIBucketNFolderNameArgMixin, BaseLs):
 B2.register_subcommand(License)
 B2.register_subcommand(InstallAutocomplete)
 B2.register_subcommand(NotificationRules)
+B2.register_subcommand(Key)
+B2.register_subcommand(Replication)
+B2.register_subcommand(Account)
diff --git a/b2/_internal/console_tool.py b/b2/_internal/console_tool.py
index b3d6cc57..fedfac23 100644
--- a/b2/_internal/console_tool.py
+++ b/b2/_internal/console_tool.py
@@ -1145,7 +1145,7 @@ class B2(Command):
 
     There are two flows of authorization:
 
-    * call ``{NAME} authorize-account`` and have the credentials cached in sqlite
+    * call ``{NAME} account authorize`` and have the credentials cached in sqlite
     * set ``{B2_APPLICATION_KEY_ID_ENV_VAR}`` and ``{B2_APPLICATION_KEY_ENV_VAR}`` environment
       variables when running this program
 
@@ -1166,7 +1166,7 @@ class B2(Command):
 
     If the directory ``{XDG_CONFIG_HOME_ENV_VAR}/b2`` does not exist (and is needed), it is created.
     Please note that the above rules may be changed in next versions of b2sdk, and in order to get
-    reliable authentication file location you should use ``b2 get-account-info``.
+    reliable authentication file location you should use ``b2 account get``.
 
     Control characters escaping is turned on if running under terminal.
     You can override it by explicitly using `--escape-control-chars`/`--no-escape-control-chars`` option,
@@ -1206,7 +1206,7 @@ def _run(self, args):
         return args.command_class
 
 
-class AuthorizeAccount(Command):
+class AccountAuthorizeBase(Command):
     """
     Prompts for Backblaze ``applicationKeyId`` and ``applicationKey`` (unless they are given
     on the command line).
@@ -1218,7 +1218,7 @@ class AuthorizeAccount(Command):
     application key from the ``B2 Cloud Storage Buckets`` page on
     the web site: https://secure.backblaze.com/b2_buckets.htm
 
-    To use a normal application key, created with the ``create-key``
+    To use a normal application key, created with the ``key create``
     command or on the web site, provide the application key ID
     and the application key itself.
 
@@ -1383,7 +1383,7 @@ def _run(self, args):
         return 0
 
 
-class ClearAccount(Command):
+class AccountClearBase(Command):
     """
     Erases everything in local cache.
 
@@ -1599,7 +1599,7 @@ def _run(self, args):
         return 0
 
 
-class CreateKey(Command):
+class KeyCreateBase(Command):
     """
     Creates a new application key.  Prints the application key information.  This is the only
     time the application key itself will be returned.  Listing application keys will show
@@ -1618,7 +1618,7 @@ class CreateKey(Command):
     The ``namePrefix`` restricts file access to files whose names start with the prefix.
 
     The output is the new application key ID, followed by the application key itself.
-    The two values returned are the two that you pass to ``authorize-account`` to use the key.
+    The two values returned are the two that you pass to ``account authorize`` to use the key.
 
     Requires capability:
 
@@ -1717,7 +1717,7 @@ def _run(self, args):
         return 0
 
 
-class DeleteKey(Command):
+class KeyDeleteBase(Command):
     """
     Deletes the specified application key by its ID.
 
@@ -1977,7 +1977,7 @@ def _run(self, args):
         return 0
 
 
-class GetAccountInfo(Command):
+class AccountGetBase(Command):
     """
     Shows the account ID, key, auth token, URLs, and what capabilities
     the current application keys has.
@@ -2204,7 +2204,7 @@ def run_list_buckets(cls, command: Command, *, json_: bool) -> int:
         return 0
 
 
-class ListKeys(Command):
+class KeyListBase(Command):
     """
     Lists the application keys for the current account.
 
@@ -3653,7 +3653,7 @@ def _run(self, args):
         return 0
 
 
-class ReplicationSetup(Command):
+class ReplicationSetupBase(Command):
     """
     Sets up replication between two buckets (potentially from different accounts), creating and replacing keys if necessary.
 
@@ -3779,7 +3779,7 @@ def alter_one_rule(cls, rule: ReplicationRule) -> ReplicationRule | None:
         pass
 
 
-class ReplicationDelete(ReplicationRuleChanger):
+class ReplicationDeleteBase(ReplicationRuleChanger):
     """
     Deletes a replication rule
 
@@ -3795,7 +3795,7 @@ def alter_one_rule(cls, rule: ReplicationRule) -> ReplicationRule | None:
         return None
 
 
-class ReplicationPause(ReplicationRuleChanger):
+class ReplicationPauseBase(ReplicationRuleChanger):
     """
     Pauses a replication rule
 
@@ -3812,7 +3812,7 @@ def alter_one_rule(cls, rule: ReplicationRule) -> ReplicationRule | None:
         return rule
 
 
-class ReplicationUnpause(ReplicationRuleChanger):
+class ReplicationUnpauseBase(ReplicationRuleChanger):
     """
     Unpauses a replication rule
 
@@ -3829,7 +3829,7 @@ def alter_one_rule(cls, rule: ReplicationRule) -> ReplicationRule | None:
         return rule
 
 
-class ReplicationStatus(Command):
+class ReplicationStatusBase(Command):
     """
     Inspects files in only source or both source and destination buckets
     (potentially from different accounts) and provides detailed replication statistics.
@@ -4633,6 +4633,180 @@ def _run(self, args):
         return 0
 
 
+class Key(Command):
+    """
+    Application keys management subcommands.
+
+    For more information on each subcommand, use ``{NAME} key SUBCOMMAND --help``.
+
+    Examples:
+
+    .. code-block::
+
+        {NAME} key list
+        {NAME} key create my-key listFiles,deleteFiles
+        {NAME} key delete 005c398ac3212400000000010
+    """
+    subcommands_registry = ClassRegistry(attr_name='COMMAND_NAME')
+
+
+@Key.subcommands_registry.register
+class KeyListSubcommand(KeyListBase):
+    __doc__ = KeyListBase.__doc__
+    COMMAND_NAME = 'list'
+
+
+@Key.subcommands_registry.register
+class KeyCreateSubcommand(KeyCreateBase):
+    __doc__ = KeyCreateBase.__doc__
+    COMMAND_NAME = 'create'
+
+
+@Key.subcommands_registry.register
+class KeyDeleteSubcommand(KeyDeleteBase):
+    __doc__ = KeyDeleteBase.__doc__
+    COMMAND_NAME = 'delete'
+
+
+class ListKeys(CmdReplacedByMixin, KeyListBase):
+    __doc__ = KeyListBase.__doc__
+    replaced_by_cmd = Key
+
+
+class CreateKey(CmdReplacedByMixin, KeyCreateBase):
+    __doc__ = KeyCreateBase.__doc__
+    replaced_by_cmd = Key
+
+
+class DeleteKey(CmdReplacedByMixin, KeyDeleteBase):
+    __doc__ = KeyDeleteBase.__doc__
+    replaced_by_cmd = Key
+
+
+class Replication(Command):
+    """
+    Replication rule management subcommands.
+
+    For more information on each subcommand, use ``{NAME} key SUBCOMMAND --help``.
+
+    Examples:
+
+    .. code-block::
+
+        {NAME} replication setup --name=my-repl-rule src-bucket dest-bucket
+        {NAME} replication status --rule=my-repl-rule src-bucket
+        {NAME} replication pause src-bucket my-repl-rule
+        {NAME} replication unpause src-bucket my-repl-rule
+        {NAME} replication delete src-bucket my-repl-rule
+    """
+    subcommands_registry = ClassRegistry(attr_name='COMMAND_NAME')
+
+
+@Replication.subcommands_registry.register
+class ReplicationSetupSubcommand(ReplicationSetupBase):
+    __doc__ = ReplicationSetupBase.__doc__
+    COMMAND_NAME = 'setup'
+
+
+@Replication.subcommands_registry.register
+class ReplicationStatusSubcommand(ReplicationStatusBase):
+    __doc__ = ReplicationStatusBase.__doc__
+    COMMAND_NAME = 'status'
+
+
+@Replication.subcommands_registry.register
+class ReplicationPauseSubcommand(ReplicationPauseBase):
+    __doc__ = ReplicationPauseBase.__doc__
+    COMMAND_NAME = 'pause'
+
+
+@Replication.subcommands_registry.register
+class ReplicationUnpauseSubcommand(ReplicationUnpauseBase):
+    __doc__ = ReplicationUnpauseBase.__doc__
+    COMMAND_NAME = 'unpause'
+
+
+@Replication.subcommands_registry.register
+class ReplicationDeleteSubcommand(ReplicationDeleteBase):
+    __doc__ = ReplicationDeleteBase.__doc__
+    COMMAND_NAME = 'delete'
+
+
+class ReplicationSetup(CmdReplacedByMixin, ReplicationSetupBase):
+    __doc__ = ReplicationSetupBase.__doc__
+    replaced_by_cmd = Replication
+
+
+class ReplicationStatus(CmdReplacedByMixin, ReplicationStatusBase):
+    __doc__ = ReplicationStatusBase.__doc__
+    replaced_by_cmd = Replication
+
+
+class ReplicationPause(CmdReplacedByMixin, ReplicationPauseBase):
+    __doc__ = ReplicationPauseBase.__doc__
+    replaced_by_cmd = Replication
+
+
+class ReplicationUnpause(CmdReplacedByMixin, ReplicationUnpauseBase):
+    __doc__ = ReplicationUnpauseBase.__doc__
+    replaced_by_cmd = Replication
+
+
+class ReplicationDelete(CmdReplacedByMixin, ReplicationDeleteBase):
+    __doc__ = ReplicationDeleteBase.__doc__
+    replaced_by_cmd = Replication
+
+
+class Account(Command):
+    """
+    Account management subcommands.
+
+    For more information on each subcommand, use ``{NAME} key SUBCOMMAND --help``.
+
+    Examples:
+
+    .. code-block::
+
+        {NAME} account authorize [applicationKeyId] [applicationKey]
+        {NAME} account get
+        {NAME} account clear
+    """
+    subcommands_registry = ClassRegistry(attr_name='COMMAND_NAME')
+
+
+@Account.subcommands_registry.register
+class AccountAuthorize(AccountAuthorizeBase):
+    __doc__ = AccountAuthorizeBase.__doc__
+    COMMAND_NAME = 'authorize'
+
+
+@Account.subcommands_registry.register
+class AccountGet(AccountGetBase):
+    __doc__ = AccountGetBase.__doc__
+    COMMAND_NAME = 'get'
+
+
+@Account.subcommands_registry.register
+class AccountClear(AccountClearBase):
+    __doc__ = AccountClearBase.__doc__
+    COMMAND_NAME = 'clear'
+
+
+class AuthorizeAccount(CmdReplacedByMixin, AccountAuthorizeBase):
+    __doc__ = AccountAuthorizeBase.__doc__
+    replaced_by_cmd = Account
+
+
+class GetAccountInfo(CmdReplacedByMixin, AccountGetBase):
+    __doc__ = AccountGetBase.__doc__
+    replaced_by_cmd = Account
+
+
+class ClearAccount(CmdReplacedByMixin, AccountClearBase):
+    __doc__ = AccountClearBase.__doc__
+    replaced_by_cmd = Account
+
+
 class ConsoleTool:
     """
     Implements the commands available in the B2 command-line tool
@@ -4702,7 +4876,7 @@ def run_command(self, argv):
         except MissingAccountData as e:
             logger.exception('ConsoleTool missing account data error')
             self._print_stderr(
-                f'ERROR: {e}  Use: {self.b2_binary_name} authorize-account or provide auth data with '
+                f'ERROR: {e}  Use: \'{self.b2_binary_name} account authorize\' or provide auth data with '
                 f'{B2_APPLICATION_KEY_ID_ENV_VAR!r} and {B2_APPLICATION_KEY_ENV_VAR!r} environment variables'
             )
             return 1
@@ -4735,8 +4909,8 @@ def _initialize_b2_api(cls, args: argparse.Namespace, kwargs: dict) -> B2Api:
             except MissingAccountData:
                 is_same_key_on_disk = False
 
-            if not is_same_key_on_disk and args.command_class not in (
-                AuthorizeAccount, ClearAccount
+            if not is_same_key_on_disk and not issubclass(
+                args.command_class, (AccountAuthorizeBase, AccountClearBase)
             ):
                 # when user specifies keys via env variables, we switch to in-memory account info
                 return _get_inmemory_b2api(**kwargs)
@@ -4760,8 +4934,8 @@ def authorize_from_env(self) -> int:
         if self.api.account_info.is_same_key(key_id, realm or 'production'):
             return 0
 
-        logger.info('authorize-account is being run from env variables')
-        return AuthorizeAccount(self).authorize(key_id, key, realm)
+        logger.info('`account authorize` is being run from env variables')
+        return AccountAuthorizeBase(self).authorize(key_id, key, realm)
 
     def _print(self, *args, **kwargs):
         print(*args, file=self.stdout, **kwargs)
diff --git a/changelog.d/+command-account.added.md b/changelog.d/+command-account.added.md
new file mode 100644
index 00000000..cd9b0f1a
--- /dev/null
+++ b/changelog.d/+command-account.added.md
@@ -0,0 +1 @@
+Add `account {authorize|get|clear}` commands.
\ No newline at end of file
diff --git a/changelog.d/+command-account.deprecated.md b/changelog.d/+command-account.deprecated.md
new file mode 100644
index 00000000..602752fe
--- /dev/null
+++ b/changelog.d/+command-account.deprecated.md
@@ -0,0 +1 @@
+Deprecated `authorize-account`, `get-account-info` and `clear-account`, use `account {authorize|get|clear}` instead.
\ No newline at end of file
diff --git a/changelog.d/+command-key.added.md b/changelog.d/+command-key.added.md
new file mode 100644
index 00000000..2bf4c9db
--- /dev/null
+++ b/changelog.d/+command-key.added.md
@@ -0,0 +1 @@
+Add `key {list|create|delete}` commands.
\ No newline at end of file
diff --git a/changelog.d/+command-key.deprecated.md b/changelog.d/+command-key.deprecated.md
new file mode 100644
index 00000000..5ea56972
--- /dev/null
+++ b/changelog.d/+command-key.deprecated.md
@@ -0,0 +1 @@
+Deprecated `list-keys`, `create-key` and `delete-key`, use `key {list|create|delete}` instead.
\ No newline at end of file
diff --git a/changelog.d/+command-replication.added.md b/changelog.d/+command-replication.added.md
new file mode 100644
index 00000000..59c01eb3
--- /dev/null
+++ b/changelog.d/+command-replication.added.md
@@ -0,0 +1 @@
+Add `replication {setup|delete|pause|unpause|status}` commands.
\ No newline at end of file
diff --git a/changelog.d/+command-replication.deprecated.md b/changelog.d/+command-replication.deprecated.md
new file mode 100644
index 00000000..20b05c9f
--- /dev/null
+++ b/changelog.d/+command-replication.deprecated.md
@@ -0,0 +1 @@
+Deprecated `replication-{setup|delete|pause|unpause|status}`, use `replication {setup|delete|pause|unpause|status}` instead.
\ No newline at end of file
diff --git a/doc/source/quick_start.rst b/doc/source/quick_start.rst
index 02f299f9..edcc4942 100644
--- a/doc/source/quick_start.rst
+++ b/doc/source/quick_start.rst
@@ -12,7 +12,7 @@ Prepare B2 cli
 
 .. code-block:: sh
 
-    $ b2 authorize-account 4ab123456789 001aabbccddeeff123456789012345678901234567
+    $ b2 account authorize 4ab123456789 001aabbccddeeff123456789012345678901234567
     Using https://api.backblazeb2.com
 
 .. tip::
@@ -21,13 +21,13 @@ Prepare B2 cli
 .. warning::
    Local users might be able to access your process list and read command arguments. To avoid exposing credentials,
    you can provide application key ID and application key using environment variables ``B2_APPLICATION_KEY_ID`` and ``B2_APPLICATION_KEY`` respectively.
-   Those will be picked up automatically, so after defining those you'll just need to run ``b2 authorize-account`` with no extra parameters.
+   Those will be picked up automatically, so after defining those you'll just need to run ``b2 account authorize`` with no extra parameters.
 
    .. code-block:: sh
 
       $ export B2_APPLICATION_KEY_ID="$(<file-with-key-id.txt)"
       $ export B2_APPLICATION_KEY="$(<file-with-key.txt)"
-      $ b2 authorize-account
+      $ b2 account authorize
       Using https://api.backblazeb2.com
 
 
diff --git a/doc/source/replication.rst b/doc/source/replication.rst
index da1d7e90..669749af 100644
--- a/doc/source/replication.rst
+++ b/doc/source/replication.rst
@@ -33,7 +33,7 @@ Setup source key
 
 .. code-block:: sh
 
-    $ b2 create-key my-bucket-rplsrc readFiles,readFileLegalHolds,readFileRetentions
+    $ b2 key create my-bucket-rplsrc readFiles,readFileLegalHolds,readFileRetentions
     0014ab1234567890000000123 K001ZA12345678901234567890ABCDE
 
 
@@ -64,7 +64,7 @@ Setup destination key
 
 .. code-block:: sh
 
-    $ b2 create-key --profile myprofile2 my-bucket-rpldst writeFiles,writeFileLegalHolds,writeFileRetentions,deleteFiles
+    $ b2 key create --profile myprofile2 my-bucket-rpldst writeFiles,writeFileLegalHolds,writeFileRetentions,deleteFiles
     0024ab2345678900000000234 K001YYABCDE12345678901234567890
 
 
diff --git a/test/integration/helpers.py b/test/integration/helpers.py
index 91a4c8fc..3b094539 100755
--- a/test/integration/helpers.py
+++ b/test/integration/helpers.py
@@ -522,15 +522,15 @@ def should_fail(self, args, expected_pattern, additional_env: dict | None = None
 
     def reauthorize(self, check_key_capabilities=False):
         """Clear and authorize again to the account."""
-        self.should_succeed(['clear-account'])
+        self.should_succeed(['account', 'clear'])
         self.should_succeed(
             [
-                'authorize-account', '--environment', self.realm, self.account_id,
+                'account', 'authorize', '--environment', self.realm, self.account_id,
                 self.application_key
             ]
         )
         if check_key_capabilities:
-            auth_dict = self.should_succeed_json(['get-account-info'])
+            auth_dict = self.should_succeed_json(['account', 'get'])
             private_preview_caps = {
                 'readBucketNotifications',
                 'writeBucketNotifications',
diff --git a/test/integration/test_b2_command_line.py b/test/integration/test_b2_command_line.py
index f7d9da68..d190ea45 100755
--- a/test/integration/test_b2_command_line.py
+++ b/test/integration/test_b2_command_line.py
@@ -72,17 +72,17 @@ def test_authorize_account_via_params_saving_credentials(
     account_info_file,
 ):
     """
-    When calling `authorize-account` and passing credentials as params,
+    When calling `account authorize` and passing credentials as params,
     we want the credentials to be saved.
     """
 
-    b2_tool.should_succeed(['clear-account'])
+    b2_tool.should_succeed(['account', 'clear'])
 
     assert B2_APPLICATION_KEY_ID_ENV_VAR not in os.environ
     assert B2_APPLICATION_KEY_ENV_VAR not in os.environ
 
     b2_tool.should_succeed(
-        ['authorize-account', '--environment', realm, application_key_id, application_key]
+        ['account', 'authorize', '--environment', realm, application_key_id, application_key]
     )
 
     assert account_info_file.exists()
@@ -99,17 +99,17 @@ def test_authorize_account_via_env_vars_saving_credentials(
     account_info_file,
 ):
     """
-    When calling `authorize-account` and passing credentials
+    When calling `account authorize` and passing credentials
     via env vars, we still want the credentials to be saved.
     """
 
-    b2_tool.should_succeed(['clear-account'])
+    b2_tool.should_succeed(['account', 'clear'])
 
     assert B2_APPLICATION_KEY_ID_ENV_VAR not in os.environ
     assert B2_APPLICATION_KEY_ENV_VAR not in os.environ
 
     b2_tool.should_succeed(
-        ['authorize-account'],
+        ['account', 'authorize'],
         additional_env={
             B2_ENVIRONMENT_ENV_VAR: realm,
             B2_APPLICATION_KEY_ID_ENV_VAR: application_key_id,
@@ -131,7 +131,7 @@ def test_clear_account_with_env_vars(
     account_info_file,
 ):
     """
-    When calling `clear-account` and passing credentials via env vars,
+    When calling `account clear` and passing credentials via env vars,
     we want the credentials to be removed from the file.
     """
 
@@ -141,7 +141,7 @@ def test_clear_account_with_env_vars(
     assert account_info.get_application_key_id() == application_key_id
 
     b2_tool.should_succeed(
-        ['clear-account'],
+        ['account', 'clear'],
         additional_env={
             B2_ENVIRONMENT_ENV_VAR: realm,
             B2_APPLICATION_KEY_ID_ENV_VAR: application_key_id,
@@ -168,11 +168,11 @@ def test_command_with_env_vars_saving_credentials(
     b2_uri_args,
 ):
     """
-    When calling any command other then `authorize-account` and passing credentials
+    When calling any command other then `account authorize` and passing credentials
     via env vars, we don't want them to be saved.
     """
 
-    b2_tool.should_succeed(['clear-account'])
+    b2_tool.should_succeed(['account', 'clear'])
 
     assert B2_APPLICATION_KEY_ID_ENV_VAR not in os.environ
     assert B2_APPLICATION_KEY_ENV_VAR not in os.environ
@@ -203,11 +203,11 @@ def test_command_with_env_vars_not_saving_credentials(
     b2_uri_args,
 ):
     """
-    When calling any command other then `authorize-account` and passing credentials
+    When calling any command other then `account authorize` and passing credentials
     via env vars, we don't want them to be saved.
     """
 
-    b2_tool.should_succeed(['clear-account'])
+    b2_tool.should_succeed(['account', 'clear'])
 
     assert B2_APPLICATION_KEY_ID_ENV_VAR not in os.environ
     assert B2_APPLICATION_KEY_ENV_VAR not in os.environ
@@ -531,7 +531,8 @@ def test_key_restrictions(b2_tool, bucket_name, sample_file, bucket_factory, b2_
     key_one_name = 'clt-testKey-01' + random_hex(6)
     created_key_stdout = b2_tool.should_succeed(
         [
-            'create-key',
+            'key',
+            'create',
             key_one_name,
             'listFiles,listBuckets,readFiles,writeKeys',
         ]
@@ -539,7 +540,7 @@ def test_key_restrictions(b2_tool, bucket_name, sample_file, bucket_factory, b2_
     key_one_id, key_one = created_key_stdout.split()
 
     b2_tool.should_succeed(
-        ['authorize-account', '--environment', b2_tool.realm, key_one_id, key_one],
+        ['account', 'authorize', '--environment', b2_tool.realm, key_one_id, key_one],
     )
 
     b2_tool.should_succeed(['get-bucket', bucket_name],)
@@ -549,7 +550,8 @@ def test_key_restrictions(b2_tool, bucket_name, sample_file, bucket_factory, b2_
     key_two_name = 'clt-testKey-02' + random_hex(6)
     created_key_two_stdout = b2_tool.should_succeed(
         [
-            'create-key',
+            'key',
+            'create',
             '--bucket',
             bucket_name,
             key_two_name,
@@ -558,12 +560,32 @@ def test_key_restrictions(b2_tool, bucket_name, sample_file, bucket_factory, b2_
     )
     key_two_id, key_two = created_key_two_stdout.split()
 
+    create_key_deprecated_pattern = re.compile(
+        re.escape('WARNING: create-key command is deprecated. Use key instead.')
+    )
+    key_three_name = 'clt-testKey-03' + random_hex(6)
+    created_key_three_stdout = b2_tool.should_succeed(
+        [
+            'create-key',
+            '--bucket',
+            bucket_name,
+            key_three_name,
+            'listFiles,listBuckets,readFiles',
+        ],
+        expected_stderr_pattern=create_key_deprecated_pattern,
+    )
+    key_three_id, key_three = created_key_three_stdout.split()
+
     b2_tool.should_succeed(
-        ['authorize-account', '--environment', b2_tool.realm, key_two_id, key_two],
+        ['account', 'authorize', '--environment', b2_tool.realm, key_two_id, key_two],
     )
     b2_tool.should_succeed(['get-bucket', bucket_name],)
     b2_tool.should_succeed(['ls', *b2_uri_args(bucket_name)],)
 
+    b2_tool.should_succeed(
+        ['account', 'authorize', '--environment', b2_tool.realm, key_three_id, key_three],
+    )
+
     # Capabilities can be listed in any order. While this regex doesn't confirm that all three are present,
     # in ensures that there are three in total.
     failed_bucket_err = r'Deletion of file "test" \([^\)]+\) failed: unauthorized for ' \
@@ -586,12 +608,20 @@ def test_key_restrictions(b2_tool, bucket_name, sample_file, bucket_factory, b2_
     # reauthorize with more capabilities for clean up
     b2_tool.should_succeed(
         [
-            'authorize-account', '--environment', b2_tool.realm, b2_tool.account_id,
+            'account', 'authorize', '--environment', b2_tool.realm, b2_tool.account_id,
             b2_tool.application_key
         ]
     )
-    b2_tool.should_succeed(['delete-key', key_one_id])
-    b2_tool.should_succeed(['delete-key', key_two_id])
+    b2_tool.should_succeed(['key', 'delete', key_one_id])
+    b2_tool.should_succeed(['key', 'delete', key_two_id])
+
+    delete_key_deprecated_pattern = re.compile(
+        re.escape('WARNING: delete-key command is deprecated. Use key instead.')
+    )
+    b2_tool.should_succeed(
+        ['delete-key', key_three_id],
+        expected_stderr_pattern=delete_key_deprecated_pattern,
+    )
 
 
 def test_delete_bucket(b2_tool, bucket_name):
@@ -616,14 +646,15 @@ def test_account(b2_tool, cli_version, apiver_int, monkeypatch):
         account_info_file_path = os.path.join(mkdtemp(), 'b2_account_info')
         mp.setenv(B2_ACCOUNT_INFO_ENV_VAR, account_info_file_path)
 
-        b2_tool.should_succeed(['clear-account'])
+        b2_tool.should_succeed(['account', 'clear'])
         bad_application_key = random_hex(len(b2_tool.application_key))
         b2_tool.should_fail(
-            ['authorize-account', b2_tool.account_id, bad_application_key], r'unauthorized'
+            ['account', 'authorize', b2_tool.account_id, bad_application_key], r'unauthorized'
         )  # this call doesn't use --environment on purpose, so that we check that it is non-mandatory
         b2_tool.should_succeed(
             [
-                'authorize-account',
+                'account',
+                'authorize',
                 '--environment',
                 b2_tool.realm,
                 b2_tool.account_id,
@@ -631,7 +662,7 @@ def test_account(b2_tool, cli_version, apiver_int, monkeypatch):
             ]
         )
 
-    # Testing (B2_APPLICATION_KEY, B2_APPLICATION_KEY_ID) for commands other than authorize-account
+    # Testing (B2_APPLICATION_KEY, B2_APPLICATION_KEY_ID) for commands other than `account authorize`
     with monkeypatch.context() as mp:
         account_info_file_path = os.path.join(mkdtemp(), 'b2_account_info')
         mp.setenv(B2_ACCOUNT_INFO_ENV_VAR, account_info_file_path)
@@ -642,7 +673,7 @@ def test_account(b2_tool, cli_version, apiver_int, monkeypatch):
         b2_tool.should_fail(
             ['create-bucket', bucket_name, 'allPrivate'],
             r'ERROR: Missing account data: \'NoneType\' object is not subscriptable (\(key 0\) )? '
-            fr'Use: {cli_version}(\.(exe|EXE))? authorize-account or provide auth data with \'B2_APPLICATION_KEY_ID\' and '
+            fr'Use: \'{cli_version}(\.(exe|EXE))? account authorize\' or provide auth data with \'B2_APPLICATION_KEY_ID\' and '
             r'\'B2_APPLICATION_KEY\' environment variables'
         )
 
@@ -2119,7 +2150,7 @@ def test_file_lock(
 
     b2_tool.should_succeed(
         [
-            'authorize-account', '--environment', b2_tool.realm, lock_disabled_key_id,
+            'account', 'authorize', '--environment', b2_tool.realm, lock_disabled_key_id,
             lock_disabled_key
         ],
     )
@@ -2134,7 +2165,10 @@ def test_file_lock(
     )
 
     b2_tool.should_succeed(
-        ['authorize-account', '--environment', b2_tool.realm, application_key_id, application_key],
+        [
+            'account', 'authorize', '--environment', b2_tool.realm, application_key_id,
+            application_key
+        ],
     )
 
     deleting_locked_files(
@@ -2146,7 +2180,8 @@ def make_lock_disabled_key(b2_tool):
     key_name = 'no-perms-for-file-lock' + random_hex(6)
     created_key_stdout = b2_tool.should_succeed(
         [
-            'create-key',
+            'key',
+            'create',
             key_name,
             'listFiles,listBuckets,readFiles,writeKeys,deleteFiles',
         ]
@@ -2314,7 +2349,7 @@ def deleting_locked_files(
 
     b2_tool.should_succeed(
         [
-            'authorize-account', '--environment', b2_tool.realm, lock_disabled_key_id,
+            'account', 'authorize', '--environment', b2_tool.realm, lock_disabled_key_id,
             lock_disabled_key
         ],
     )
@@ -2335,16 +2370,17 @@ def test_profile_switch(b2_tool):
 
     b2_tool.should_succeed(
         [
-            'authorize-account',
+            'account',
+            'authorize',
             '--environment',
             b2_tool.realm,
             b2_tool.account_id,
             b2_tool.application_key,
         ]
     )
-    b2_tool.should_succeed(['get-account-info'])
-    b2_tool.should_succeed(['clear-account'])
-    b2_tool.should_fail(['get-account-info'], expected_pattern=MISSING_ACCOUNT_PATTERN)
+    b2_tool.should_succeed(['account', 'get'])
+    b2_tool.should_succeed(['account', 'clear'])
+    b2_tool.should_fail(['account', 'get'], expected_pattern=MISSING_ACCOUNT_PATTERN)
 
     # in order to use --profile flag, we need to temporary
     # delete B2_ACCOUNT_INFO_ENV_VAR
@@ -2353,12 +2389,13 @@ def test_profile_switch(b2_tool):
     # now authorize a different account
     profile = 'profile-for-test-' + random_hex(6)
     b2_tool.should_fail(
-        ['get-account-info', '--profile', profile],
+        ['account', 'get', '--profile', profile],
         expected_pattern=MISSING_ACCOUNT_PATTERN,
     )
     b2_tool.should_succeed(
         [
-            'authorize-account',
+            'account',
+            'authorize',
             '--environment',
             b2_tool.realm,
             '--profile',
@@ -2368,14 +2405,14 @@ def test_profile_switch(b2_tool):
         ]
     )
 
-    account_info = b2_tool.should_succeed_json(['get-account-info', '--profile', profile])
+    account_info = b2_tool.should_succeed_json(['account', 'get', '--profile', profile])
     account_file_path = account_info['accountFilePath']
     assert profile in account_file_path, \
         f'accountFilePath "{account_file_path}" should contain profile name "{profile}"'
 
-    b2_tool.should_succeed(['clear-account', '--profile', profile])
+    b2_tool.should_succeed(['account', 'clear', '--profile', profile])
     b2_tool.should_fail(
-        ['get-account-info', '--profile', profile],
+        ['account', 'get', '--profile', profile],
         expected_pattern=MISSING_ACCOUNT_PATTERN,
     )
     os.remove(account_file_path)
@@ -2389,7 +2426,8 @@ def test_replication_basic(b2_tool, bucket_name, schedule_bucket_cleanup):
     key_one_name = 'clt-testKey-01' + random_hex(6)
     created_key_stdout = b2_tool.should_succeed(
         [
-            'create-key',
+            'key',
+            'create',
             key_one_name,
             'listBuckets,readFiles',
         ]
@@ -2399,7 +2437,8 @@ def test_replication_basic(b2_tool, bucket_name, schedule_bucket_cleanup):
     key_two_name = 'clt-testKey-02' + random_hex(6)
     created_key_stdout = b2_tool.should_succeed(
         [
-            'create-key',
+            'key',
+            'create',
             key_two_name,
             'listBuckets,writeFiles',
         ]
@@ -2533,11 +2572,25 @@ def test_replication_basic(b2_tool, bucket_name, schedule_bucket_cleanup):
         'asReplicationSource': None
     }
 
-    b2_tool.should_succeed(['delete-key', key_one_id])
-    b2_tool.should_succeed(['delete-key', key_two_id])
+    b2_tool.should_succeed(['key', 'delete', key_one_id])
+    b2_tool.should_succeed(['key', 'delete', key_two_id])
 
 
 def test_replication_setup(b2_tool, bucket_name, schedule_bucket_cleanup):
+    base_test_replication_setup(b2_tool, bucket_name, schedule_bucket_cleanup, True)
+
+
+def test_replication_setup_deprecated(b2_tool, bucket_name, schedule_bucket_cleanup):
+    base_test_replication_setup(b2_tool, bucket_name, schedule_bucket_cleanup, False)
+
+
+def base_test_replication_setup(b2_tool, bucket_name, schedule_bucket_cleanup, use_subcommands):
+    setup_cmd = ['replication', 'setup'] if use_subcommands else ['replication-setup']
+    replication_setup_deprecated_pattern = re.compile(
+        re.escape('WARNING: replication-setup command is deprecated. Use replication instead.')
+    )
+    replication_setup_expected_stderr_pattern = None if use_subcommands else replication_setup_deprecated_pattern
+
     source_bucket_name = b2_tool.generate_bucket_name()
     schedule_bucket_cleanup(source_bucket_name)
     b2_tool.should_succeed(
@@ -2550,12 +2603,15 @@ def test_replication_setup(b2_tool, bucket_name, schedule_bucket_cleanup):
         ]
     )
     destination_bucket_name = bucket_name
-    b2_tool.should_succeed(['replication-setup', source_bucket_name, destination_bucket_name])
+    b2_tool.should_succeed(
+        [*setup_cmd, source_bucket_name, destination_bucket_name],
+        expected_stderr_pattern=replication_setup_expected_stderr_pattern
+    )
     destination_bucket_old = b2_tool.should_succeed_json(['get-bucket', destination_bucket_name])
 
     b2_tool.should_succeed(
         [
-            'replication-setup',
+            *setup_cmd,
             '--priority',
             '132',
             '--file-name-prefix',
@@ -2564,7 +2620,8 @@ def test_replication_setup(b2_tool, bucket_name, schedule_bucket_cleanup):
             'my-replication-rule',
             source_bucket_name,
             destination_bucket_name,
-        ]
+        ],
+        expected_stderr_pattern=replication_setup_expected_stderr_pattern,
     )
     source_bucket = b2_tool.should_succeed_json(['get-bucket', source_bucket_name])
     destination_bucket = b2_tool.should_succeed_json(['get-bucket', destination_bucket_name])
@@ -2589,8 +2646,8 @@ def test_replication_setup(b2_tool, bucket_name, schedule_bucket_cleanup):
 
     for key_one_id, key_two_id in destination_bucket['replication']['asReplicationDestination'][
         'sourceToDestinationKeyMapping'].items():
-        b2_tool.should_succeed(['delete-key', key_one_id])
-        b2_tool.should_succeed(['delete-key', key_two_id])
+        b2_tool.should_succeed(['key', 'delete', key_one_id])
+        b2_tool.should_succeed(['key', 'delete', key_two_id])
     assert destination_bucket_old['replication']['asReplicationDestination'][
         'sourceToDestinationKeyMapping'] == destination_bucket['replication'][
             'asReplicationDestination']['sourceToDestinationKeyMapping']
@@ -2602,7 +2659,8 @@ def test_replication_monitoring(b2_tool, bucket_name, sample_file, schedule_buck
     key_one_name = 'clt-testKey-01' + random_hex(6)
     created_key_stdout = b2_tool.should_succeed(
         [
-            'create-key',
+            'key',
+            'create',
             key_one_name,
             'listBuckets,readFiles',
         ]
@@ -2612,7 +2670,8 @@ def test_replication_monitoring(b2_tool, bucket_name, sample_file, schedule_buck
     key_two_name = 'clt-testKey-02' + random_hex(6)
     created_key_stdout = b2_tool.should_succeed(
         [
-            'create-key',
+            'key',
+            'create',
             key_two_name,
             'listBuckets,writeFiles',
         ]
@@ -2745,6 +2804,9 @@ def test_replication_monitoring(b2_tool, bucket_name, sample_file, schedule_buck
     b2_tool.should_succeed(['delete-file-version', uploaded_a['fileName'], uploaded_a['fileId']])
 
     # run stats command
+    replication_status_deprecated_pattern = re.compile(
+        re.escape('WARNING: replication-status command is deprecated. Use replication instead.')
+    )
     replication_status_json = b2_tool.should_succeed_json(
         [
             'replication-status',
@@ -2755,6 +2817,21 @@ def test_replication_monitoring(b2_tool, bucket_name, sample_file, schedule_buck
             '--output-format',
             'json',
             source_bucket_name,
+        ],
+        expected_stderr_pattern=replication_status_deprecated_pattern
+    )
+
+    replication_status_json = b2_tool.should_succeed_json(
+        [
+            'replication',
+            'status',
+            # '--destination-profile',
+            # profile,
+            '--no-progress',
+            # '--columns=count, hash differs',
+            '--output-format',
+            'json',
+            source_bucket_name,
         ]
     )
 
@@ -3070,7 +3147,7 @@ def assert_expected(file_info, expected=expected_file_info):
 
 
 def test_notification_rules(b2_tool, bucket_name):
-    auth_dict = b2_tool.should_succeed_json(['get-account-info'])
+    auth_dict = b2_tool.should_succeed_json(['account', 'get'])
     if 'writeBucketNotifications' not in auth_dict['allowed']['capabilities']:
         pytest.skip('Test account does not have writeBucketNotifications capability')
 
diff --git a/test/unit/console_tool/test_authorize_account.py b/test/unit/console_tool/test_authorize_account.py
index 5c9767be..3d86255f 100644
--- a/test/unit/console_tool/test_authorize_account.py
+++ b/test/unit/console_tool/test_authorize_account.py
@@ -33,7 +33,7 @@ def test_authorize_with_bad_key(b2_cli):
     """
 
     b2_cli._run_command(
-        ["authorize-account", b2_cli.account_id, "bad-app-key"],
+        ["account", "authorize", b2_cli.account_id, "bad-app-key"],
         expected_stdout,
         expected_stderr,
         1,
@@ -44,17 +44,19 @@ def test_authorize_with_bad_key(b2_cli):
 @pytest.mark.parametrize(
     "command",
     [
-        "authorize-account",
-        "authorize_account",
+        ["authorize-account"],
+        ["authorize_account"],
+        ["account", "authorize"],
     ],
 )
 def test_authorize_with_good_key(b2_cli, b2_cli_is_authorized_afterwards, command):
     assert b2_cli.account_info.get_account_auth_token() is None
 
-    expected_stderr = """
-    """
+    expected_stderr = "" if len(
+        command
+    ) == 2 else "WARNING: authorize-account command is deprecated. Use account instead.\n"
 
-    b2_cli._run_command([command, b2_cli.account_id, b2_cli.master_key], None, expected_stderr, 0)
+    b2_cli._run_command([*command, b2_cli.account_id, b2_cli.master_key], None, expected_stderr, 0)
 
     assert b2_cli.account_info.get_account_auth_token() is not None
 
@@ -62,9 +64,16 @@ def test_authorize_with_good_key(b2_cli, b2_cli_is_authorized_afterwards, comman
 def test_authorize_using_env_variables(b2_cli):
     assert b2_cli.account_info.get_account_auth_token() is None
 
-    expected_stderr = """
-    """
+    with mock.patch.dict(
+        "os.environ",
+        {
+            B2_APPLICATION_KEY_ID_ENV_VAR: b2_cli.account_id,
+            B2_APPLICATION_KEY_ENV_VAR: b2_cli.master_key,
+        },
+    ):
+        b2_cli._run_command(["account", "authorize"], None, "", 0)
 
+    # test deprecated command
     with mock.patch.dict(
         "os.environ",
         {
@@ -72,7 +81,10 @@ def test_authorize_using_env_variables(b2_cli):
             B2_APPLICATION_KEY_ENV_VAR: b2_cli.master_key,
         },
     ):
-        b2_cli._run_command(["authorize-account"], None, expected_stderr, 0)
+        b2_cli._run_command(
+            ["authorize-account"], None,
+            'WARNING: authorize-account command is deprecated. Use account instead.\n', 0
+        )
 
     assert b2_cli.account_info.get_account_auth_token() is not None
 
@@ -94,7 +106,7 @@ def test_authorize_towards_realm(
     expected_stderr = f"Using {realm_url}\n" if any(f != "--debug-logs" for f in flags) else ""
 
     b2_cli._run_command(
-        ["authorize-account", *flags, b2_cli.account_id, b2_cli.master_key],
+        ["account", "authorize", *flags, b2_cli.account_id, b2_cli.master_key],
         None,
         expected_stderr,
         0,
@@ -118,7 +130,7 @@ def test_authorize_towards_custom_realm_using_env(b2_cli, b2_cli_is_authorized_a
         },
     ):
         b2_cli._run_command(
-            ["authorize-account", b2_cli.account_id, b2_cli.master_key],
+            ["account", "authorize", b2_cli.account_id, b2_cli.master_key],
             None,
             expected_stderr,
             0,
@@ -146,7 +158,7 @@ def test_authorize_account_prints_account_info(b2_cli):
     }
 
     b2_cli._run_command(
-        ['authorize-account', b2_cli.account_id, b2_cli.master_key],
+        ['account', 'authorize', b2_cli.account_id, b2_cli.master_key],
         expected_stderr='',
         expected_status=0,
         expected_json_in_stdout=expected_json,
diff --git a/test/unit/test_console_tool.py b/test/unit/test_console_tool.py
index 0843d694..8eb30738 100644
--- a/test/unit/test_console_tool.py
+++ b/test/unit/test_console_tool.py
@@ -180,13 +180,13 @@ def _authorize_account(self):
         """
         Prepare for a test by authorizing an account and getting an account auth token
         """
-        self._run_command_ignore_output(['authorize-account', self.account_id, self.master_key])
+        self._run_command_ignore_output(['account', 'authorize', self.account_id, self.master_key])
 
     def _clear_account(self):
         """
         Clear account auth data
         """
-        self._run_command_ignore_output(['clear-account'])
+        self._run_command_ignore_output(['account', 'clear'])
 
     def _create_my_bucket(self):
         self._run_command(['create-bucket', 'my-bucket', 'allPublic'], 'bucket_0\n', '', 0)
@@ -341,20 +341,51 @@ def test_create_key_and_authorize_with_it(self):
 
         # Create a key
         self._run_command(
-            ['create-key', 'key1', 'listBuckets,listKeys'],
+            ['key', 'create', 'key1', 'listBuckets,listKeys'],
             'appKeyId0 appKey0\n',
             '',
             0,
         )
 
+        # test deprecated command
+        self._run_command(
+            ['create-key', 'key2', 'listBuckets,listKeys'],
+            'appKeyId1 appKey1\n',
+            'WARNING: create-key command is deprecated. Use key instead.\n',
+            0,
+        )
+
         # Authorize with the key
         self._run_command(
-            ['authorize-account', 'appKeyId0', 'appKey0'],
+            ['account', 'authorize', 'appKeyId0', 'appKey0'],
+            None,
+            '',
+            0,
+        )
+
+        self._run_command(
+            ['account', 'authorize', 'appKeyId1', 'appKey1'],
             None,
             '',
             0,
         )
 
+        # test deprecated command
+        self._run_command(
+            ['authorize-account', 'appKeyId0', 'appKey0'],
+            None,
+            "WARNING: authorize-account command is deprecated. Use account instead.\n",
+            0,
+        )
+
+        # test deprecated command
+        self._run_command(
+            ['authorize-account', 'appKeyId1', 'appKey1'],
+            None,
+            "WARNING: authorize-account command is deprecated. Use account instead.\n",
+            0,
+        )
+
     def test_create_key_with_authorization_from_env_vars(self):
         # Initial condition
         assert self.account_info.get_account_auth_token() is None
@@ -371,17 +402,17 @@ def test_create_key_with_authorization_from_env_vars(self):
             assert B2_APPLICATION_KEY_ID_ENV_VAR in os.environ
             assert B2_APPLICATION_KEY_ENV_VAR in os.environ
 
-            # The first time we're running on this cache there will be output from the implicit "authorize-account" call
+            # The first time we're running on this cache there will be output from the implicit "account authorize" call
             self._run_command(
-                ['create-key', 'key1', 'listBuckets,listKeys'],
+                ['key', 'create', 'key1', 'listBuckets,listKeys'],
                 'appKeyId0 appKey0\n',
                 '',
                 0,
             )
 
-            # The second time "authorize-account" is not called
+            # The second time "account authorize" is not called
             self._run_command(
-                ['create-key', 'key1', 'listBuckets,listKeys,writeKeys'],
+                ['key', 'create', 'key1', 'listBuckets,listKeys,writeKeys'],
                 'appKeyId1 appKey1\n',
                 '',
                 0,
@@ -393,22 +424,22 @@ def test_create_key_with_authorization_from_env_vars(self):
                     B2_APPLICATION_KEY_ENV_VAR: 'appKey1',
                 }
             ):
-                # "authorize-account" is called when the key changes
+                # "account authorize" is called when the key changes
                 self._run_command(
-                    ['create-key', 'key1', 'listBuckets,listKeys'],
+                    ['key', 'create', 'key1', 'listBuckets,listKeys'],
                     'appKeyId2 appKey2\n',
                     '',
                     0,
                 )
 
-                # "authorize-account" is also called when the realm changes
+                # "account authorize" is also called when the realm changes
                 with mock.patch.dict(
                     'os.environ', {
                         B2_ENVIRONMENT_ENV_VAR: 'http://custom.example.com',
                     }
                 ):
                     self._run_command(
-                        ['create-key', 'key1', 'listBuckets,listKeys'],
+                        ['key', 'create', 'key1', 'listBuckets,listKeys'],
                         'appKeyId3 appKey3\n',
                         'Using http://custom.example.com\n',
                         0,
@@ -418,11 +449,11 @@ def test_authorize_key_without_list_buckets(self):
         self._authorize_account()
 
         # Create a key without listBuckets
-        self._run_command(['create-key', 'key1', 'listKeys'], 'appKeyId0 appKey0\n', '', 0)
+        self._run_command(['key', 'create', 'key1', 'listKeys'], 'appKeyId0 appKey0\n', '', 0)
 
         # Authorize with the key
         self._run_command(
-            ['authorize-account', 'appKeyId0', 'appKey0'],
+            ['account', 'authorize', 'appKeyId0', 'appKey0'],
             '',
             'ERROR: application key has no listBuckets capability, which is required for the b2 command-line tool\n',
             1,
@@ -489,13 +520,27 @@ def test_create_bucket_key_and_authorize_with_it(self):
 
         # Create a key restricted to that bucket
         self._run_command(
-            ['create-key', '--bucket', 'my-bucket', 'key1', 'listKeys,listBuckets'],
+            ['key', 'create', '--bucket', 'my-bucket', 'key1', 'listKeys,listBuckets'],
             'appKeyId0 appKey0\n', '', 0
         )
 
+        # test deprecated command
+        self._run_command(
+            ['create-key', '--bucket', 'my-bucket', 'key2', 'listKeys,listBuckets'],
+            'appKeyId1 appKey1\n', 'WARNING: create-key command is deprecated. Use key instead.\n',
+            0
+        )
+
         # Authorize with the key
         self._run_command(
-            ['authorize-account', 'appKeyId0', 'appKey0'],
+            ['account', 'authorize', 'appKeyId0', 'appKey0'],
+            None,
+            '',
+            0,
+        )
+
+        self._run_command(
+            ['account', 'authorize', 'appKeyId1', 'appKey1'],
             None,
             '',
             0,
@@ -542,7 +587,20 @@ def test_clear_account(self):
 
         # Clearing the account should remove the auth token
         # from the account info.
-        self._run_command(['clear-account'], '', '', 0)
+        self._run_command(['account', 'clear'], '', '', 0)
+        assert self.account_info.get_account_auth_token() is None
+
+    def test_deprecated_clear_account(self):
+        # Initial condition
+        self._authorize_account()
+        assert self.account_info.get_account_auth_token() is not None
+
+        # Clearing the account should remove the auth token
+        # from the account info.
+        self._run_command(
+            ['clear-account'], '',
+            'WARNING: clear-account command is deprecated. Use account instead.\n', 0
+        )
         assert self.account_info.get_account_auth_token() is None
 
     def test_buckets(self):
@@ -665,13 +723,13 @@ def test_keys(self):
         # Make a key with an illegal name
         expected_stderr = 'ERROR: Bad request: illegal key name: bad_key_name\n'
         self._run_command(
-            ['create-key', 'bad_key_name', capabilities_with_commas], '', expected_stderr, 1
+            ['key', 'create', 'bad_key_name', capabilities_with_commas], '', expected_stderr, 1
         )
 
         # Make a key with negative validDurationInSeconds
         expected_stderr = 'ERROR: Bad request: valid duration must be greater than 0, and less than 1000 days in seconds\n'
         self._run_command(
-            ['create-key', '--duration', '-456', 'goodKeyName', capabilities_with_commas], '',
+            ['key', 'create', '--duration', '-456', 'goodKeyName', capabilities_with_commas], '',
             expected_stderr, 1
         )
 
@@ -679,24 +737,24 @@ def test_keys(self):
         expected_stderr = 'ERROR: Bad request: valid duration must be greater than 0, ' \
                           'and less than 1000 days in seconds\n'
         self._run_command(
-            ['create-key', '--duration', '0', 'goodKeyName', capabilities_with_commas], '',
+            ['key', 'create', '--duration', '0', 'goodKeyName', capabilities_with_commas], '',
             expected_stderr, 1
         )
         self._run_command(
-            ['create-key', '--duration', '86400001', 'goodKeyName', capabilities_with_commas], '',
-            expected_stderr, 1
+            ['key', 'create', '--duration', '86400001', 'goodKeyName', capabilities_with_commas],
+            '', expected_stderr, 1
         )
 
         # Create three keys
         self._run_command(
-            ['create-key', 'goodKeyName-One', capabilities_with_commas],
+            ['key', 'create', 'goodKeyName-One', capabilities_with_commas],
             'appKeyId0 appKey0\n',
             '',
             0,
         )
         self._run_command(
             [
-                'create-key', '--bucket', 'my-bucket-a', 'goodKeyName-Two',
+                'key', 'create', '--bucket', 'my-bucket-a', 'goodKeyName-Two',
                 capabilities_with_commas + ',readBucketEncryption'
             ],
             'appKeyId1 appKey1\n',
@@ -705,7 +763,7 @@ def test_keys(self):
         )
         self._run_command(
             [
-                'create-key', '--bucket', 'my-bucket-b', 'goodKeyName-Three',
+                'key', 'create', '--bucket', 'my-bucket-b', 'goodKeyName-Three',
                 capabilities_with_commas
             ],
             'appKeyId2 appKey2\n',
@@ -713,20 +771,35 @@ def test_keys(self):
             0,
         )
         self._run_command(
-            ['create-key', '--all-capabilities', 'goodKeyName-Four'],
+            ['key', 'create', '--all-capabilities', 'goodKeyName-Four'],
             'appKeyId3 appKey3\n',
             '',
             0,
         )
         self._run_command(
-            ['create-key', '--bucket', 'my-bucket-b', 'goodKeyName-Five', capabilities_with_commas],
+            [
+                'key', 'create', '--bucket', 'my-bucket-b', 'goodKeyName-Five',
+                capabilities_with_commas
+            ],
             'appKeyId4 appKey4\n',
             '',
             0,
         )
+        self._run_command(
+            ['create-key', '--bucket', 'my-bucket-b', 'goodKeyName-Six', capabilities_with_commas],
+            'appKeyId5 appKey5\n',
+            'WARNING: create-key command is deprecated. Use key instead.\n',
+            0,
+        )
 
         # Delete one key
-        self._run_command(['delete-key', 'appKeyId2'], 'appKeyId2\n', '', 0)
+        self._run_command(['key', 'delete', 'appKeyId2'], 'appKeyId2\n', '', 0)
+
+        # test deprecated command
+        self._run_command(
+            ['delete-key', 'appKeyId5'], 'appKeyId5\n',
+            'WARNING: delete-key command is deprecated. Use key instead.\n', 0
+        )
 
         # Delete one bucket, to test listing when a bucket is gone.
         self._run_command_ignore_output(['delete-bucket', 'my-bucket-b'])
@@ -746,11 +819,20 @@ def test_keys(self):
             appKeyId4   goodKeyName-Five       id=bucket_1            -            -          ''   readFiles,listBuckets
             """.format(','.join(sorted(ALL_CAPABILITIES)))
 
-        self._run_command(['list-keys'], expected_list_keys_out, '', 0)
-        self._run_command(['list-keys', '--long'], expected_list_keys_out_long, '', 0)
+        self._run_command(['key', 'list'], expected_list_keys_out, '', 0)
+        self._run_command(['key', 'list', '--long'], expected_list_keys_out_long, '', 0)
+
+        self._run_command(
+            ['list-keys'], expected_list_keys_out,
+            'WARNING: list-keys command is deprecated. Use key instead.\n', 0
+        )
+        self._run_command(
+            ['list-keys', '--long'], expected_list_keys_out_long,
+            'WARNING: list-keys command is deprecated. Use key instead.\n', 0
+        )
 
         # authorize and make calls using application key with no restrictions
-        self._run_command(['authorize-account', 'appKeyId0', 'appKey0'], None, '', 0)
+        self._run_command(['account', 'authorize', 'appKeyId0', 'appKey0'], None, '', 0)
         self._run_command(
             ['list-buckets'],
             'bucket_0  allPublic   my-bucket-a\nbucket_2  allPublic   my-bucket-c\n', '', 0
@@ -773,7 +855,7 @@ def test_keys(self):
         self._run_command(['get-bucket', 'my-bucket-a'], expected_json_in_stdout=expected_json)
 
         # authorize and make calls using an application key with bucket restrictions
-        self._run_command(['authorize-account', 'appKeyId1', 'appKey1'], None, '', 0)
+        self._run_command(['account', 'authorize', 'appKeyId1', 'appKey1'], None, '', 0)
 
         self._run_command(
             ['list-buckets'], '', 'ERROR: Application key is restricted to bucket: my-bucket-a\n', 1
@@ -1592,9 +1674,16 @@ def test_get_account_info(self):
             "downloadUrl": "http://download.example.com",
             "s3endpoint": "http://s3.api.example.com",
         }
+        self._run_command(
+            ['account', 'get'],
+            expected_json_in_stdout=expected_json,
+        )
+        # test deprecated command
         self._run_command(
             ['get-account-info'],
             expected_json_in_stdout=expected_json,
+            expected_stderr=
+            'WARNING: get-account-info command is deprecated. Use account instead.\n',
         )
 
     def test_get_bucket(self):
@@ -2285,7 +2374,7 @@ def test_restrictions(self):
 
         # Authorize an account with the master key.
         account_id = self.account_id
-        self._run_command_ignore_output(['authorize-account', account_id, self.master_key])
+        self._run_command_ignore_output(['account', 'authorize', account_id, self.master_key])
 
         # Create a bucket to use
         bucket_name = 'restrictedBucket'
@@ -2303,7 +2392,7 @@ def test_restrictions(self):
         file_prefix = 'some/file/prefix/'
         self._run_command(
             [
-                'create-key', '--bucket', bucket_name, '--name-prefix', file_prefix, 'my-key',
+                'key', 'create', '--bucket', bucket_name, '--name-prefix', file_prefix, 'my-key',
                 capabilities
             ],
             app_key_id + ' ' + app_key + '\n',
@@ -2311,7 +2400,7 @@ def test_restrictions(self):
             0,
         )
 
-        self._run_command_ignore_output(['authorize-account', app_key_id, app_key])
+        self._run_command_ignore_output(['account', 'authorize', app_key_id, app_key])
 
         # Auth token should be in account info now
         self.assertEqual('auth_token_1', self.account_info.get_account_auth_token())
@@ -2336,7 +2425,7 @@ def test_restrictions(self):
                                      "restricted to bucket 'restrictedBucket', " \
                                      "restricted to files that start with 'some/file/prefix/' (unauthorized)\n"
         self._run_command(
-            ['create-key', 'goodKeyName-One', 'readFiles,listBuckets'],
+            ['key', 'create', 'goodKeyName-One', 'readFiles,listBuckets'],
             '',
             expected_create_key_stderr,
             1,
@@ -2355,7 +2444,7 @@ def test_list_buckets_not_allowed_for_app_key(self):
         # Authorizing with the key will fail because the ConsoleTool needs
         # to be able to look up the name of the bucket.
         self._run_command(
-            ['create-key', 'my-key', 'listFiles'],
+            ['key', 'create', 'my-key', 'listFiles'],
             'appKeyId0 appKey0\n',
             '',
             0,
@@ -2363,7 +2452,7 @@ def test_list_buckets_not_allowed_for_app_key(self):
 
         # Authorize with the key, which should result in an error.
         self._run_command(
-            ['authorize-account', 'appKeyId0', 'appKey0'],
+            ['account', 'authorize', 'appKeyId0', 'appKey0'],
             '',
             'ERROR: application key has no listBuckets capability, which is required for the b2 command-line tool\n',
             1,
@@ -2379,7 +2468,7 @@ def test_bucket_missing_for_bucket_key(self):
             0,
         )
         self._run_command(
-            ['create-key', '--bucket', 'my-bucket', 'my-key', 'listBuckets,listFiles'],
+            ['key', 'create', '--bucket', 'my-bucket', 'my-key', 'listBuckets,listFiles'],
             'appKeyId0 appKey0\n',
             '',
             0,
@@ -2391,7 +2480,7 @@ def test_bucket_missing_for_bucket_key(self):
         # Authorizing with the key will fail because the ConsoleTool needs
         # to be able to look up the name of the bucket.
         self._run_command(
-            ['authorize-account', 'appKeyId0', 'appKey0'],
+            ['account', 'authorize', 'appKeyId0', 'appKey0'],
             '',
             "ERROR: unable to authorize account: Application key is restricted to a bucket that doesn't exist\n",
             1,
@@ -2407,14 +2496,14 @@ def test_ls_for_restricted_bucket(self):
             0,
         )
         self._run_command(
-            ['create-key', '--bucket', 'my-bucket', 'my-key', 'listBuckets,listFiles'],
+            ['key', 'create', '--bucket', 'my-bucket', 'my-key', 'listBuckets,listFiles'],
             'appKeyId0 appKey0\n',
             '',
             0,
         )
 
         # Authorize with the key and list the files
-        self._run_command_ignore_output(['authorize-account', 'appKeyId0', 'appKey0'],)
+        self._run_command_ignore_output(['account', 'authorize', 'appKeyId0', 'appKey0'],)
         self._run_command(
             ['ls', *self.b2_uri_args('my-bucket')],
             '',
@@ -2431,7 +2520,7 @@ def test_bad_terminal(self):
         )
         stderr = mock.MagicMock()
         console_tool = self.console_tool_class(stdout, stderr)
-        console_tool.run_command(['b2', 'authorize-account', self.account_id, self.master_key])
+        console_tool.run_command(['b2', 'account', 'authorize', self.account_id, self.master_key])
 
     def test_passing_api_parameters(self):
         self._authorize_account()
@@ -2618,7 +2707,7 @@ def test_escape_c0_char_on_key_restricted_path(self):
         # Create a key
         self._run_command(
             [
-                'create-key', '--bucket', 'my-bucket-0', '--name-prefix', cc_name, 'key1',
+                'key', 'create', '--bucket', 'my-bucket-0', '--name-prefix', cc_name, 'key1',
                 'listBuckets,listKeys'
             ],
             'appKeyId0 appKey0\n',
@@ -2626,7 +2715,7 @@ def test_escape_c0_char_on_key_restricted_path(self):
         )
 
         # Authorize with the key
-        self._run_command(['authorize-account', 'appKeyId0', 'appKey0'], expected_status=0)
+        self._run_command(['account', 'authorize', 'appKeyId0', 'appKey0'], expected_status=0)
 
         self._run_command(
             ['ls', *self.b2_uri_args('my-bucket-0'), '--no-escape-control-characters'],