apkg token
The token command manages long-lived API tokens. Tokens let you authenticate non-interactively — for example in CI/CD pipelines or automation scripts — without storing your username and password. Unlike session credentials from apkg login, tokens do not expire on their own and must be explicitly revoked.
Synopsis
Section titled “Synopsis”apkg token <subcommand> [options]Subcommands
Section titled “Subcommands”token create
Section titled “token create”Create a new API token:
apkg token create [--label <name>] [--registry <URL>]| Option | Description |
|---|---|
--label <name> | A human-readable label to identify the token (e.g. ci-deploy) |
--registry <URL> | Create the token against a specific registry |
On success the CLI prints the token value. Copy it immediately — the full token is shown only once and cannot be retrieved later. If you lose it, revoke it and create a new one.
token list
Section titled “token list”List all active tokens for a registry:
apkg token list [--registry <URL>]The output shows each token’s label, a partial token prefix (for identification), and its creation date. Full token values are never displayed after creation.
token revoke
Section titled “token revoke”Revoke one or more tokens:
apkg token revoke <token-id-or-label> [--registry <URL>]You can revoke by token ID or by label. A revoked token stops working immediately — any pipeline or script using it will fail on its next authenticated request.
Using tokens in CI
Section titled “Using tokens in CI”Set the APKG_TOKEN environment variable so APKG authenticates without interactive login:
export APKG_TOKEN=<your-token>apkg install --frozen-lockfileapkg publishIn GitHub Actions this typically looks like:
env: APKG_TOKEN: ${{ secrets.APKG_TOKEN }}steps: - run: apkg install --frozen-lockfile - run: apkg publishWhen APKG_TOKEN is set, commands that require authentication use the token instead of looking for session credentials in ~/.apkg/credentials.json.
Examples
Section titled “Examples”Create a token with a label:
apkg token create --label ci-deployList your active tokens:
apkg token listRevoke a token by label:
apkg token revoke ci-deployCreate a token for a private registry:
apkg token create --label ci-internal --registry https://registry.internal.example.comRelated commands
Section titled “Related commands”| Command | Description |
|---|---|
login | Interactive authentication |
logout | Remove stored credentials |
whoami | Show the authenticated user |
publish | Publish a package (requires auth) |
key | Manage Ed25519 signing keys |