diff --git a/standard/cli/command-reference/porter-auth.mdx b/standard/cli/command-reference/porter-auth.mdx index 97f12f8..0299d95 100644 --- a/standard/cli/command-reference/porter-auth.mdx +++ b/standard/cli/command-reference/porter-auth.mdx @@ -36,6 +36,13 @@ porter auth login --token After logging in, Porter automatically sets your default project and cluster if you have access to any. You can view these with `porter config`. +### Credential storage + +The location where credentials are persisted depends on the login method configured via [`porter config set-login-method`](/standard/cli/command-reference/porter-config#porter-config-set-login-method): + +- **`v1` (default):** A long-lived Porter JWT is written to `porter.yaml`. +- **`v2`:** Access and refresh tokens are stored in your OS credential store (macOS Keychain, Linux Secret Service, or Windows Credential Manager) and refreshed automatically. Switching to `v2` and logging in migrates any existing plaintext tokens out of `porter.yaml`. + --- ## `porter auth logout` diff --git a/standard/cli/command-reference/porter-config.mdx b/standard/cli/command-reference/porter-config.mdx index 2c15123..00fea65 100644 --- a/standard/cli/command-reference/porter-config.mdx +++ b/standard/cli/command-reference/porter-config.mdx @@ -66,6 +66,44 @@ Run `porter cluster list` first to see available clusters and their IDs. --- +## `porter config set-login-method` + +Select the authentication flow used by `porter auth login`. + +**Usage:** +```bash +porter config set-login-method [v1|v2] +``` + +**Modes:** + +| Mode | Description | +|------|-------------| +| `v1` | Legacy flow that issues a long-lived Porter JWT. The token is stored in `porter.yaml`. | +| `v2` | Refreshable session flow. Tokens are stored in your OS credential store (Keychain on macOS, Secret Service on Linux, Credential Manager on Windows) and are automatically refreshed. | + + +```bash Switch to v2 (recommended) +porter config set-login-method v2 +porter auth login +``` + +```bash Switch back to v1 +porter config set-login-method v1 +porter auth login +``` + + + +When you log in with `v2`, Porter stores your access and refresh tokens in the OS keyring instead of in `porter.yaml`. If you previously logged in with `v1`, switching to `v2` and logging in once migrates any plaintext tokens out of `porter.yaml` automatically. + + + +Use `v2` for local development on a single machine. For CI/CD pipelines, continue to use a `PORTER_TOKEN` environment variable — the keyring is intended for interactive sessions. + + +--- + ## Configuration File Porter stores configuration in `~/.porter/config.json`. You can also override settings using environment variables: