store-token

Encrypts a Library Token and saves it locally, keyed by workspace URL. After running this, you can pass --token auto to any other command — the CLI will look up the matching entry, decrypt it, and use it for that call.

Syntax

curiosity-cli store-token \
  --server https://my-workspace.example.com/ \
  --token  $CURIOSITY_TOKEN

Then, on subsequent commands:

curiosity-cli test           -s https://my-workspace.example.com/ -t auto
curiosity-cli upload-folder  -s https://my-workspace.example.com/ -t auto -p ./docs

Options

Where the token lives

The store is a per-user config file in the OS app-data directory:

Entries are indexed by a hash of the server URL and encrypted using the URL itself as the key derivation seed. The file is owned by the calling user — protect it the same way you would an SSH private key.

Updating or rotating

Re-running store-token for the same server URL replaces the existing entry. There is no separate remove command — to remove an entry, delete the config file or use dotnet user-secrets-style tooling to edit it.

Limitations

• The encrypted blob is not portable between machines — the keying uses local state that won't match elsewhere.
• The same server URL maps to a single token. For multi-user / multi-tenant scenarios, switch to environment variables (-t "$CURIOSITY_TOKEN") per shell.

Remarks

• Use store-token for local development so you can pass --token auto instead of repeating raw tokens on the command line.
• The stored entry is keyed by server URL and is not portable between machines; re-running for the same URL replaces the existing entry.
• For CI or multi-tenant use, prefer per-shell environment variables over a stored token.

See also

• Common Options — full list of arguments that interact with --token.
• Endpoint Tokens — JWT bearer tokens used to call custom endpoints (a different concept).