Install and authenticate

The CLI is a single repost binary. Install it first, then authenticate before running commands that talk to your Repost account.

Install the binary

Use the installer for your operating system. The installer downloads the matching release and installs the repost binary.

curl -fsSL https://releases.repost.sh/cli/install.sh | sh

Check the version

repost version

Authenticate

For day-to-day use, browser login is the recommended path.

repost auth login

Authentication methods

Browser login
API token
CI

repost auth login opens the Repost app in your browser, waits for a local callback, then stores the generated API token securely. The browser flow waits for up to 5 minutes.

repost auth login

Use this on your own workstation. If a token is already saved, repost auth login keeps the existing token and asks you to run repost auth logout before switching accounts.

repost auth token stores an API token without opening a browser. The command accepts the token as an argument, from stdin, or from an interactive prompt.

repost auth token rp_your_token_here

Create tokens from the dashboard when you need a named, expiring credential for a workstation or automation. See API tokens.Tokens must start with rp_ and be 43 characters long.

For CI or short-lived environments, set REPOST_TOKEN. Environment authentication takes priority over stored credentials.

export REPOST_TOKEN=rp_your_token_here
repost auth status

Credential storage

System keychain first

The CLI uses macOS Keychain, Windows Credential Manager, or a Linux keyring when available.

Encrypted file fallback

If a system keychain is unavailable, the CLI stores an encrypted token in the config directory.

Environment wins

REPOST_TOKEN overrides any token saved by repost auth login or repost auth token.

Token lookup order

The CLI reads credentials in this order:

Source	When it is used
`REPOST_TOKEN`	Set this for CI, scripts, and temporary shells. It overrides stored credentials.
Secure storage	Created by `repost auth login` or `repost auth token`.

Clear REPOST_TOKEN before testing a token saved on your machine.

Verify or remove authentication

repost auth status

repost auth status validates the token when the server is reachable. If a stored token was revoked, the CLI removes the local copy and asks you to authenticate again. If the server cannot be reached, repost auth status falls back to local state. It shows the configured auth method and the config directory, but it cannot prove that the token is still valid.

repost auth logout attempts to revoke the stored token on the server, then removes the token saved in secure storage. It does not unset REPOST_TOKEN; clear that environment variable separately for CI or temporary shells.

Configuration location

The CLI stores local preferences in an operating-system-specific config directory. The same directory is used for encrypted token fallback when a system keychain is unavailable. --config has the highest priority. REPOST_CONFIG_DIR is the environment equivalent.

repost --config ./tmp/repost-cli auth status

The config file stores local state such as the CLI session ID, preferred type-generation language, and generation options. Service URLs are resolved at runtime from build defaults or environment overrides. REPOST_BASE_URL derives all service URLs from one base domain. More specific variables override that derived value.

Variable	Derived value when `REPOST_BASE_URL=example.com`
`REPOST_API_URL`	`https://cli.example.com`
`REPOST_WEB_URL`	`https://app.example.com`
`REPOST_WS_URL`	`wss://ws.example.com/ws`

​Authentication methods

​Credential storage

System keychain first

Encrypted file fallback

Environment wins

​Token lookup order

​Verify or remove authentication

​Configuration location

Authentication methods

Credential storage

Token lookup order

Verify or remove authentication

Configuration location