skytells login
Authenticate the CLI with your Skytells account using the OAuth 2.0 device flow or a personal access token.
Overview
skytells login authenticates your terminal session with Skytells. It must be run before any command that contacts the Skytells API.
The CLI stores your credentials at ~/.config/skytells/credentials.json with 0600 permissions. Once authenticated, credentials persist across sessions — you do not need to log in again until you explicitly log out or the token is revoked.
Syntax
skytells login [--token] [--scopes <scopes>]Flags
| Flag | Description |
|---|---|
--token | Non-interactive login. Prompts you to paste a personal access token instead of opening a browser. |
--scopes <scopes> | Comma-separated list of permission scopes to request. Defaults to inference,projects.read,deployments.read,account.read. |
Authentication methods
Device flow (default)
The device flow is the recommended method for interactive environments. It uses OAuth 2.0 Device Authorization Grant (RFC 8628) — no credentials are passed through the CLI process.
skytells loginWhat happens:
- The CLI requests a device code from Skytells
- A one-time code and authorization URL appear in your terminal
- Your browser opens the Skytells authorization page
- You approve access in the browser
- The CLI receives a token and stores it locally
Example terminal output:
⠋ Initiating device authorization...
Your device code is: ABCD-1234
Open this URL in your browser to authorize:
https://console.skytells.ai/device
Waiting for authorization...
✔ Authenticated successfully!
Credentials saved to ~/.config/skytells/credentials.jsonThe authorization window is valid for 15 minutes. If it expires, run skytells login again.
Personal access token
For non-interactive environments, CI/CD pipelines, or when you want to use a pre-generated token:
skytells login --tokenPaste your personal access token when prompted. Tokens follow the format sk_pat_<64 hex chars>.
Generate a token at console.skytells.ai/settings/tokens — see Access Tokens in the Console docs.
In CI/CD pipelines, skip interactive login entirely. Set SKYTELLS_TOKEN as an environment variable instead. See Advanced Usage.
Request specific scopes
By default, login requests the minimum scopes needed for typical usage. Request additional scopes when your workflow needs them:
skytells login --scopes inference,projects.read,projects.write,deployments.read,deployments.writeSee Token scopes for the full list of available scopes.
After authentication
After logging in, verify your session:
skytells whoamiTo work with a specific project, link its access key:
skytells link sk_proj_your_access_key_hereTroubleshooting
"Device code expired" — The browser authorization was not completed within 15 minutes. Run skytells login again.
"Token is invalid" — The pasted token contains a typo or has been revoked. Generate a new one at console.skytells.ai/settings/tokens.
See Troubleshooting for more error patterns.
How is this guide?