Renamed.to logorenamed.to
Back to renamed.to
Documentation
CLI/auth

renamed auth

Secure OAuth authentication. Your credentials never touch shell history or environment variables.

renamed auth <command>

The auth command manages authentication using OAuth device flow. It opens your browser for secure login — no API keys to copy or secrets to expose.

Tokens are stored encrypted in your system keychain (macOS Keychain, Linux libsecret, Windows Credential Manager), not in plain text files.

Subcommands

login

Authenticate with your renamed.to account via browser (OAuth device flow).

token

Store an API token manually. Useful for CI/CD environments.

logout

Remove stored credentials from keychain.

whoami

Display the currently authenticated user.

status

Check authentication status and remaining credits.

refresh

Manually refresh an expired token.

Examples

Log in (opens browser):

$ renamed auth login

Opening browser for authentication...
Waiting for approval...
✓ Successfully authenticated as alex@example.com

Check status and remaining credits:

$ renamed auth status

Logged in as: alex@example.com
Token expires: 2026-02-08 14:30:00
Credits remaining: 847

Headless login (no browser available):

$ renamed auth login --no-open

Visit this URL to authenticate:
https://renamed.to/device?code=ABCD-1234

Store a token manually (CI/CD):

$ renamed auth token --token rnt_abc123...

✓ Token stored successfully

Check who you are logged in as:

$ renamed auth whoami

alex@example.com

Log out:

$ renamed auth logout

✓ Logged out successfully

Login Options

--no-open

Don't open browser automatically. Outputs a URL to visit on another device.

--client-id <id>

Custom OAuth client ID for enterprise SSO.

--client-secret <secret>

Custom OAuth client secret for enterprise SSO.

--scope <scopes>

Comma-separated list of OAuth scopes to request.

Token Options

-t, --token <token>

The API token to store.

-s, --scheme <scheme>

Authorization scheme (default: Bearer).

--non-interactive

Don't prompt for input. Exit with error if token is missing.

Token Storage

macOS — Keychain Access

Linux — libsecret (GNOME Keyring, KWallet)

Windows — Credential Manager

Environment Variables

RENAMED_TOKEN — API token for authentication (alternative to auth token)

RENAMED_CLIENT_ID — Custom OAuth client ID for enterprise SSO

RENAMED_CLIENT_SECRET — Custom OAuth client secret for enterprise SSO

Tips

Before installing as a service — Always run renamed auth login before renamed service install. The service needs cached credentials to operate.

Headless servers — Use --no-open on servers without a display. Copy the URL and authenticate from any device with a browser.

CI/CD environments — Use RENAMED_TOKEN environment variable or auth token command.

Token expiry — Tokens refresh automatically. If you see auth errors, run renamed auth refresh or log in again.

See Also

service — deploy as systemd servicewatch — monitor folders for new files