SecurityToken Handling

Token Handling

Treat personal API tokens like deploy keys.

  • Store tokens in CI secrets or a password manager.
  • Never commit tokens to git.
  • Prefer short-lived local shell variables for one-off commands.
  • Revoke tokens that are no longer tied to an active user or workflow.
export IP_TOKEN=ipat_xxx
npx @internalpage/cli pages create ./report.html
unset IP_TOKEN