Skip to main content
Use workspace API keys for CI, headless shells, and automation. They are bound to one workspace and can run clones, upload/read traces, and read usage for that workspace. They cannot manage API keys or audit events. Create, list, and revoke keys with an owner/admin user session from archal login:
archal workspace api-key create ci-runner
archal workspace api-keys
archal workspace api-key revoke <key-id>
create prints the secret once. Store it as ARCHAL_TOKEN:
export ARCHAL_TOKEN=archal_ws_<your-key>
Use --workspace <name|id> when your user belongs to multiple workspaces:
archal workspace api-key create ci-runner --workspace acme-prod

JSON output

archal workspace api-key create ci-runner --json
archal workspace api-keys --json
archal workspace api-key revoke <key-id> --json

Scopes

The default scopes are enough for CI runs:
archal workspace api-key create ci-runner \
  --scope sessions:read sessions:write workspaces:read
Use archal login or a dashboard-issued user API key for workspace administration. Workspace API keys cannot create or revoke other workspace API keys.