GitHub Authentication

Authentication in envx-cli-tmr is designed to be quick and secure. We leverage GitHub OAuth directly, letting you authenticate your local environment without creating passwords.

# How It Works

When you execute envx login, the CLI opens a secure authentication gateway using standard browser-based GitHub OAuth authorization:

[ Terminal (envx) ] ──(Trigger Login)──> [ Browser GitHub OAuth ] │ │ (Exchanges Code) (Grant Permission) │ │ ▼ ▼ [ OS Keychain Vault ] <──(Save Session Token)────────┘

# Security Guarantees

Minimal Profile Access

We request minimal scopes from GitHub, solely referencing your profile username to verify membership in projects. We never request repository writes or access to personal setups.

Secure Local Token Vaulting

Once authentication succeeds, the session token is securely locked inside your operating system's native credential manager (macOS Keychain, Linux Secret Service, or Windows Credential Manager).

# Login Steps

1. Trigger Login

$ envx login

✔ Opening browser for GitHub OAuth...

2. Authorize in Browser

A browser page opens redirecting to GitHub OAuth. Simply click **Authorize envx-sync**.

3. Complete Session Setup

✔ Authentication successful!

✔ Token saved locally. You are ready to go.

Next Page: Team & Workspaces