> ## Documentation Index
> Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication & CI

> Authenticate the Dynamic CLI through your browser for interactive use, or with a token for CI and automation.

The CLI authenticates against the [Dynamic dashboard](https://app.dynamic.xyz). Use browser login when you're working interactively, and a token when you're running in CI or any non-interactive context.

## Interactive login

```sh theme={"system"}
dyn auth login
```

The CLI opens your browser, you approve the request from the dashboard, and the token is stored locally. Login also auto-selects the first available environment so your next command works immediately.

Check what you're authenticated as and which environment is active:

```sh theme={"system"}
dyn status
```

Log out to clear the stored token — do this on shared machines:

```sh theme={"system"}
dyn auth logout
```

## Non-interactive (CI)

In CI there's no browser to complete the login flow. Provide a token through the `DYN_CLI_TOKEN` environment variable instead:

```sh theme={"system"}
export DYN_CLI_TOKEN=<your-token>
dyn status
```

When `DYN_CLI_TOKEN` is set, the CLI uses it directly and skips the browser flow.

<Warning>
  Treat `DYN_CLI_TOKEN` as a secret. Store it in your CI provider's secret manager, never in source control, and scope it to the environment the pipeline needs.
</Warning>

## Running commands non-interactively

Destructive commands (delete, revoke, disable, reset) prompt for confirmation by default. In CI there's no one to answer the prompt, so pass `-y`/`--yes`:

```sh theme={"system"}
dyn users delete <user-id> --yes
```

For [`dyn apply`](/cli/guides/config-as-code), the safety gates also require explicit opt-in flags when the plan includes risky changes — for example `--allow-critical-changes` or `--allow-delete`. Combine them with `--yes` for a fully non-interactive apply:

```sh theme={"system"}
dyn apply -f env.yaml --yes --allow-critical-changes
```

<Tip>
  Add `--no-color` in CI to strip ANSI escape codes from logs, and `-o json` when a later step needs to parse the output.
</Tip>

## Example: GitHub Actions

```yaml theme={"system"}
- name: Check Dynamic config drift
  env:
    DYN_CLI_TOKEN: ${{ secrets.DYN_CLI_TOKEN }}
  run: |
    npm install -g @dynamic-labs/dynamic-console-cli
    dyn apply -f envs/live.yaml --dry-run --no-color
```

## Related

* [Getting started](/cli/getting-started) — first-time setup.
* [Config as code](/cli/guides/config-as-code) — export and apply in pipelines.
