CLI Tokens
CLI tokens authenticate the Azath CLI with your account. Each device or CI environment gets its own token for granular access control.
How Tokens Work
When you run azath auth login, a token is generated and stored securely on your device. This token:
- ▸Authenticates all CLI commands as your account
- ▸Syncs findings to your organization's web dashboard
- ▸Enables team-based scan policies
- ▸Can be revoked without affecting other devices
Viewing Your Tokens
All active tokens are listed in the dashboard under Profile → CLI Tokens. Each entry shows:
- ▸ Device name
- ▸ Created date
- ▸ Last used date
- ▸ Expiration (if set)
Revoking Tokens
Revoke a token from the dashboard to immediately block that device from accessing your account. This is useful when:
- ▸ A device is lost or stolen
- ▸ An employee leaves the team
- ▸ A CI token is compromised
◈ Token Storage
Tokens are stored in the OS keyring — macOS Keychain, Windows Credential Store, or libsecret on Linux. They are never stored in plain text on disk.
CI/CD Tokens
For automated pipelines, set the token via environment variable:
# GitHub Actions example
env:
AZATH_TOKEN: ${{ secrets.AZATH_TOKEN }}Store the token in your CI provider's secrets manager and never commit it to your repository.