(cli-auth)=
Manage the token used by benchbox submit --service.
Tokens are stored in the operating system keyring through the Python
keyring package. They are not written to BenchBox config files. For
automation, BENCHBOX_SUBMIT_TOKEN takes precedence over
BENCHBOX_SERVICE_TOKEN, and both environment variables take precedence
over the keyring.
uv run -- benchbox auth COMMAND [OPTIONS]| Command | Description |
|---|---|
login |
Store a hosted results token in the OS keyring |
status |
Show whether a token is available for a service URL |
refresh |
Replace the stored keyring token |
logout |
Remove the stored keyring token |
# Prompt for a token and store it securely
uv run -- benchbox auth login
# Store a token for a staging service
uv run -- benchbox auth login --service https://staging.benchbox.dev/v1
# Check whether BenchBox can submit to the default service
uv run -- benchbox auth status
# Replace a stored token
uv run -- benchbox auth refresh
# Remove a stored token
uv run -- benchbox auth logoutPrefer the prompt or an environment variable for secrets. benchbox auth login --token ...
exists for controlled automation, but command-line token values can be captured
by shell history and process listings on some systems.
For CI or ephemeral environments:
export BENCHBOX_SUBMIT_TOKEN=...
uv run -- benchbox submit --last --serviceBENCHBOX_SUBMIT_TOKEN is the primary hosted submission variable.
BENCHBOX_SERVICE_TOKEN remains supported as a fallback for older automation.
Environment tokens are never saved by BenchBox. If an environment token is
active, uv run -- benchbox auth refresh asks you to update or unset that
environment variable instead of hiding a replacement keyring token behind it.