Skip to content

Commit b0e13f2

Browse files
committed
docs: update docs on pat usage for cli add-pat cmd
1 parent 12e033f commit b0e13f2

2 files changed

Lines changed: 39 additions & 26 deletions

File tree

docs/user-guides/account-management.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,9 @@ To create a PAT:
6767
- **Task history** — Allow you to use the token to view your entire task history, not filtered by project.
6868
4. Click **Create**. Copy the token immediately — it is shown **only once** and cannot be recovered afterwards.
6969

70+
After creating your PAT, the website will show you two options on how to store and use the PAT. For more advice on how to use a PAT in scripts and HPC jobs, see [Using DivBase Programmatically](./using-divbase-programmatically.md#use-personal-access-tokens-to-authenticate-programmatically).
71+
7072
You can have up to **5 active tokens** at a time. To revoke a token, click **Revoke** next to it on the Personal Access Tokens page.
7173

72-
For how to use a PAT in scripts and HPC jobs, see [Using DivBase Programmatically](./using-divbase-programmatically.md#use-personal-access-tokens-to-authenticate-programmatically).
74+
!!! tip "Scope your token to what the job needs and when you need it for"
75+
When creating the PAT, restrict it to the specific project(s) you need it for. Consider also setting an appropriate expiry date for the token. You can always revoke the token immediately if needed from the DivBase website.

docs/user-guides/using-divbase-programmatically.md

Lines changed: 35 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -4,49 +4,59 @@ Below is a set of tips for users who want to use DivBase in scripts/pipelines/pr
44

55
If you have any tips or suggestions to add to this page or any desired features, please let us know!
66

7-
## Use Personal Access Tokens to Authenticate programmatically
7+
## Use Personal Access Tokens to authenticate programmatically
88

9-
For scripts, pipelines, and HPC jobs the recommended approach is to use a **Personal Access Token (PAT)**. A PAT is a static bearer token that you create once via the website and pass to `divbase-cli` via an environment variable. When using a PAT, there is no login step and no password storage required.
9+
For scripts, pipelines, and HPC jobs the recommended approach is to use a **Personal Access Token (PAT)**. A PAT is a static bearer token that you create once via the website. When using a PAT, there is no login step and no password storage required.
1010

11-
See [Account Management — Personal Access Tokens](./account-management.md#personal-access-tokens) for how to create/and remove PATs.
11+
See [Account Management — Personal Access Tokens](./account-management.md#personal-access-tokens) for how to create and revoke PATs.
1212

13-
Once you have a token, set the `DIVBASE_API_PAT` environment variable to it. `divbase-cli` will automatically use it in every request.
13+
You can store/use a PAT in two ways
1414

15-
!!! question "What if I have both an active login session and a Personal Access Token set?"
16-
`divbase-cli` prioritises an active login session over a PAT. If you have both, the CLI will use the active session and ignore the PAT. To use the PAT, you would need to run `divbase-cli auth logout` first.
15+
### Option 1 — Let `divbase-cli` handle storing the PAT (recommended)
16+
17+
After creating a PAT on the website, store it on your device by copy pasting the pre-filled commands shown on the website, it will look something like this:
1718

1819
```bash
19-
export DIVBASE_API_PAT="divbase_pat_your_token_here"
20-
divbase-cli files ls
20+
# with an expiry date:
21+
divbase-cli auth add-pat "my-pat-name" --expires UNIX_TIMESTAMP
22+
# or without an expiry date:
23+
divbase-cli auth add-pat "my-pat-name"
24+
```
25+
26+
You will be prompted to paste the token value. It is then stored securely in your OS keyring (or in a restricted file if no keyring is available) and used automatically on every subsequent `divbase-cli` command.
27+
28+
```bash
29+
divbase-cli auth pat-info # show name and expiry of the stored PAT
30+
divbase-cli auth rm-pat # remove the stored PAT from this device
2131
```
2232

23-
When `DIVBASE_API_PAT` is set, `divbase-cli` does not need you to be logged in.
33+
!!! info "This strategy works on HPC clusters"
34+
On the login node with divbase-cli [installed as we recommend](./installation.md), store the PAT as described above. The token will be available to all your jobs running on the cluster, without needing to worry about setting any environment variables in your job scripts.
2435

25-
### Example: Slurm job script
36+
### Option 2 — Environment variable
2637

27-
The cleanest way to use a PAT in a SLURM job is to store the token in a restricted file and load it at job start:
38+
Set `DIVBASE_API_PAT` in your shell or job script:
2839

2940
```bash
30-
echo "divbase_pat_your_token_here" > ~/.divbase_pat
31-
chmod 600 ~/.divbase_pat # only readable/writeable by the owner
41+
export DIVBASE_API_PAT="divbase_pat_your_token_here"
42+
divbase-cli files ls
3243
```
3344

34-
Then in your SLURM script:
45+
You may prefer this if you want explicit per-job control of which token is used.
3546

36-
```bash
37-
#!/bin/bash
38-
#SBATCH --job-name=my_divbase_job
39-
#SBATCH --time=24:00:00
40-
# ....
47+
1. Store it securely on your device using `divbase-cli auth add-pat` (recommended and works on HPC clusters!)
48+
2. Set it as an environment variable `DIVBASE_API_PAT` (can give you more control over which token is used when)
4149

42-
export DIVBASE_API_PAT=$(cat ~/.divbase_pat)
50+
!!! question "What if I have both an active login session and a personal access token set?"
51+
`divbase-cli` follows this priority order:
4352

44-
# Download the files you need
45-
divbase-cli files download my_data.vcf.gz
46-
```
53+
1. **Active login session** (from `divbase-cli auth login`) — highest priority
54+
2. **`DIVBASE_API_PAT` environment variable**
55+
3. **CLI-stored PAT** (from `divbase-cli auth add-pat`)
56+
57+
To use a PAT when you are also logged in, run `divbase-cli auth logout` first.
4758

48-
!!! tip "Scope your token to what the job needs and when you need it for"
49-
When creating the PAT, restrict it to the specific project(s) you need it for. Consider also setting an appropriate expiry date for the token. You can always revoke the token immediately if needed from the DivBase website.
59+
Your logged in account will have the same or more permissions that your PATs, this is why we follow this order.
5060

5161
## Parse divbase-cli files ls/info output programmatically
5262

0 commit comments

Comments
 (0)