Skip to content
pipe pipe

Authentication

Logging in

Pipe uses a device authorization flow:

Terminal window
pipe login

This will:

  1. Generate a device code and display a verification URL
  2. Open your browser to the verification page
  3. Poll for authorization until you approve the device
  4. Save credentials to ~/.pipe/credentials.json

If you’re already logged in, Pipe prompts for confirmation before re-authenticating.

Checking your identity

Terminal window
pipe whoami

Verifies your stored credentials against the Hub and displays your username. Useful for checking if credentials are still valid after revoking a device from the web dashboard.

Logging out

Terminal window
pipe logout

Revokes the device and API key on the server, then removes stored credentials from ~/.pipe/credentials.json. If the server is unreachable, local credentials are still deleted with a warning.

Unauthenticated access

Some Hub operations work without authentication (e.g., pulling public pipelines), but with lower API rate limits. Pushing always requires authentication.

Custom Hub URL

Override the Hub API endpoint with the PIPEHUB_URL environment variable:

Terminal window
export PIPEHUB_URL=https://hub.internal.example.com
pipe login

Default: https://hub.getpipe.dev

Credentials storage

Credentials are stored in plain JSON at ~/.pipe/credentials.json. The file contains an API key used for Authorization: Bearer headers on all authenticated requests.