
Generate project-wide tokens within the CLI

Open ajhalili2006 opened this issue 4 years ago • 1 comments

About this Issue

Generating an API token for the project (assuming permissions are tied to my account's permissions on a specific project) in the UI is fine, but what about people who don't bother to open the browser or are on a GUI-less machine?

In order to generate it, all of the prerequisites should be met:

  • signed in to the CLI
  • has project access with at least write to generate tokens

The command will look like this:

$ railway tokens new [--env="production"]
Token name (if left blank, we'll generate it for you): nonsense-holy-call-what (generated by CLI)
Here's your project token for this project:

============================================================
Project ID: <project-id-over-there-probably-uuidv4-ones>
Project token: railway_<SOME-RANDOM-TEXT-OVER-HERE>
============================================================

This will be the only time you see the token. If you ever lost it or get leaked, you need to revoke this one.
Keep this project token secret, as this have the same permissions as you would, preferably in an password manager
like Bitwarden and 1Password or secret management apps like HashiCorp Vault and GitHub's built-in encrypted
environment variables.

Note that there's railway_ in the example token output; that's because I assume that Railway will apply for GitHub's secret scanning solution in the future.

Possible Alternative Solutions

  • Copy the ~/.railway directory to another machine and remove everything except the JWT token for the Railway API.
  • Grab the JWT token from the webapp through DevTools (sounds tricky) and do some cURLing to specific endpoints dedicated to project token generation. (API is undocumented for curl usage at time of writing.)

Related Issues

  • https://github.com/railwayapp/cli/issues/105 for using RAILWAY_TOKEN in commands like up, run, etc.

ajhalili2006 avatar May 21 '21 04:05 ajhalili2006
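
The prefix idea in the post above, as an added example (not part of the original issue and not Railway's code): a fixed `railway_` prefix plus a checksum lets a scanner flag leaked tokens with few false positives, and a token shown only once can be stored server-side as a hash. The 32+6 base62 layout, the CRC32 checksum and all function names are assumptions made for illustration.

```python
import hashlib
import re
import secrets
import zlib

# Assumed layout (not Railway's real format): railway_ + 32 base62 chars + 6-char CRC32.
PREFIX = "railway_"
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\brailway_([0-9A-Za-z]{32})([0-9A-Za-z]{6})\b")


def checksum(body: str) -> str:
    """Encode CRC32 of the random body as 6 fixed-width base62 characters."""
    n = zlib.crc32(body.encode("ascii"))
    out = ""
    for _ in range(6):  # 62**6 > 2**32, so 6 digits always suffice
        n, r = divmod(n, 62)
        out = ALPHABET[r] + out
    return out


def new_token() -> tuple[str, str]:
    """Return (token shown once to the user, SHA-256 digest the server keeps)."""
    body = "".join(secrets.choice(ALPHABET) for _ in range(32))
    token = PREFIX + body + checksum(body)
    return token, hashlib.sha256(token.encode("ascii")).hexdigest()


def scan(text: str) -> list[tuple[int, str]]:
    """Return (line number, redacted token) for candidates whose checksum verifies."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            body, check = m.groups()
            if checksum(body) == check:  # drops look-alikes and doc placeholders
                hits.append((lineno, PREFIX + body[:4] + "..."))
    return hits


if __name__ == "__main__":
    token, digest = new_token()
    # Constructed sample input: one real-format token, one documentation placeholder.
    sample = f"RAILWAY_TOKEN={token}\nProject token: railway_<SOME-RANDOM-TEXT-OVER-HERE>\n"
    print(scan(sample), digest)
```

The checksum is not a security control; it only lets a scanner reject strings that merely look like tokens before raising an alert or triggering revocation.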

Since the API is now (?) quite a bit easier to work with, if someone still wants this, I can try to build it out.

If I'm missing some information and this is not possible, please let me know before I try it.


alexng353 avatar Nov 04 '24 09:11 alexng353

Working from the bottom of the comment box here, but I think we wouldn't want to add this functionality unless we see a compelling use-case for it.

That said, we are going to revamp the token behavior (finally) such that working with tokens is an easier affair.

ndneighbor avatar Nov 13 '25 04:11 ndneighbor