Skip to main content

envshed token

Manage authentication tokens (personal and service).

Personal Token Subcommands

envshed token set

Set an API token directly.

envshed token set <token>

envshed token show

Display the current token (masked for security).

$ envshed token show
envshed_abc...xyz9

envshed token clear

Remove the saved token.

envshed token clear

Service Token Subcommands

envshed token create-service

Create a service token for an organization.

envshed token create-service -o <org-slug> -n <name> [options]
OptionDescriptionDefault
-o, --org <slug>Organization slug (required)
-n, --name <name>Token name (required)
-d, --description <text>Token description
-s, --scope <scope>Scope: org, project, or environmentorg
--project-id <id>Project ID (required for project/environment scope)
--environment-id <id>Environment ID (required for environment scope)
-p, --permission <perm>Permission: read or read_writeread
--expires-in <days>Expiration in daysNo expiration

Example:

envshed token create-service \
-o my-org \
-n "GitHub Actions" \
-s project \
--project-id abc123 \
-p read \
--expires-in 90

envshed token list-service

List service tokens for an organization.

envshed token list-service -o <org-slug>
OptionDescription
-o, --org <slug>Organization slug (required)

envshed token revoke-service

Revoke a service token.

envshed token revoke-service -o <org-slug> --id <token-id>
OptionDescription
-o, --org <slug>Organization slug (required)
--id <id>Service token ID (required)

Notes

Personal tokens are stored in ~/.envshed/config.json. The envshed login command also writes to this file — envshed token set is an alternative for scripts or CI/CD environments where browser-based login isn't possible.

Service tokens are managed server-side and are scoped to an organization. See Service Tokens for details.