store-token
Encrypts a Library Token and saves it locally, keyed by workspace URL. After running this, you can pass --token auto to any other command — the CLI will look up the matching entry, decrypt it, and use it for that call.
Usage
curiosity-cli store-token \
--server https://my-workspace.example.com/ \
--token $CURIOSITY_TOKEN
Then, on subsequent commands:
curiosity-cli test -s https://my-workspace.example.com/ -t auto
curiosity-cli upload-folder -s https://my-workspace.example.com/ -t auto -p ./docs
Options
| Flag | Alias | Default | Description |
|---|---|---|---|
--server |
-s |
- | Workspace URL. The same URL must be passed when reading the token. |
--token |
-t |
- | The plain-text Library Token to encrypt and store. |
Where the token lives
The store is a per-user config file in the OS app-data directory:
| Platform | Path |
|---|---|
| Linux | ~/.config/.mosaik.cli.config (or $XDG_CONFIG_HOME/.mosaik.cli.config) |
| macOS | ~/Library/Application Support/mosaik.cli.config |
| Windows | %APPDATA%\.mosaik.cli.config |
Entries are indexed by a hash of the server URL and encrypted using the URL itself as the key derivation seed. The file is owned by the calling user — protect it the same way you would an SSH private key.
Updating or rotating
Re-running store-token for the same server URL replaces the existing entry. There is no separate remove command — to remove an entry, delete the config file or use dotnet user-secrets-style tooling to edit it.
Limitations
- The encrypted blob is not portable between machines — the keying uses local state that won't match elsewhere.
- The same server URL maps to a single token. For multi-user / multi-tenant scenarios, switch to environment variables (
-t "$CURIOSITY_TOKEN") per shell.
See also
- Common Options — full list of arguments that interact with
--token. - Endpoint Tokens — JWT bearer tokens used to call custom endpoints (a different concept).