> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tryardent.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Sign in to Ardent from your terminal or a headless environment

Ardent supports two CLI authentication modes:

* **Browser login** for local development.
* **API tokens** for CI, scripts, and other headless environments.

## ardent login

Open your browser to authenticate with GitHub or email:

```bash theme={null}
ardent login
```

After login, Ardent automatically selects your project and connector if you only have one of each, so you can go straight to `ardent branch create`.

<Accordion defaultOpen={false} title="Example output: one project and one connector">
  ```text theme={null}
  ✓ Logged in as vikram@tryardent.com

    Auto-selected project 'my-app'
    Auto-selected connector 'my-app-db'
    Ready to branch:
    ardent branch create <name>
  ```
</Accordion>

<Accordion defaultOpen={false} title="Example output: multiple projects">
  ```text theme={null}
  ✓ Logged in as vikram@tryardent.com

  3 projects found.
  Next step: select a project: ardent project switch <name>
  List your projects: ardent project list
  ```
</Accordion>

## Token login

For one-off headless login, pass a token directly:

```bash theme={null}
ardent login --token <your-token>
```

For repeat automation, prefer the `ARDENT_TOKEN` environment variable in a clean CI environment. It avoids writing a session to disk and makes the job's credential source obvious:

```bash theme={null}
export ARDENT_TOKEN="sk-ard_..."
ardent project list
ardent branch create pr-123 --print-url
```

If a machine already has a stored browser or token login, the stored token is used before `ARDENT_TOKEN`. In CI, run on a clean runner or run `ardent logout` before setting `ARDENT_TOKEN` if you need to guarantee the environment variable is the only credential source.

In GitHub Actions:

```yaml theme={null}
env:
  ARDENT_TOKEN: ${{ secrets.ARDENT_TOKEN }}

steps:
  - run: npm install -g ardent-cli
  - run: ardent logout  # important on self-hosted runners; harmless on clean runners
  - run: ardent project switch my-project
  - run: ardent connector switch prod-db
  - run: echo "DATABASE_URL=$(ardent branch create pr-${{ github.run_id }} --print-url)" >> "$GITHUB_ENV"
```

Create and revoke API tokens from **Ardent dashboard > Settings > API keys**. Store tokens in your secret manager and rotate them if they are exposed.

## ardent status

Check your current authentication, project, connector, and branch:

```bash theme={null}
ardent status
```

<Accordion defaultOpen={false} title="Example output">
  ```text theme={null}
  ✓ Authenticated
    Email:   vikram@tryardent.com
    Org:     Ardent
  ```
</Accordion>

If the CLI is authenticated only through `ARDENT_TOKEN`, status may show token-based authentication and ask you to run `ardent login` to refresh profile details. That is fine for CI.

## ardent logout

Clear stored credentials, stored API URL, current selections, and cached workspace data from this machine:

```bash theme={null}
ardent logout
```

This does not revoke API tokens in the dashboard. Revoke tokens from **Settings > API keys** when you want to invalidate them.