mintlify · mintlify · Apr 7, 2026
diff --git a/cli/commands.mdx b/cli/commands.mdx
@@ -40,7 +40,9 @@
 mint login
 ```
 
-Opens a browser window to complete authentication. If the browser does not open, the CLI displays a URL to open manually and a prompt to paste the authorization code. Credentials save in `~/.config/mintlify/config.json`.
+Opens a browser window to complete authentication. If the browser does not open, the CLI displays a URL to open manually and a prompt to paste the authorization code. Credentials are stored securely in your operating system's keychain. When your access token expires, the CLI automatically refreshes it without requiring you to log in again.
+
+You can also authenticate using the `MINTLIFY_SESSION_TOKEN` environment variable for CI/CD or headless environments. See [Preview locally](/cli/preview#authenticate-with-an-environment-variable) for details.
 
 ---
 
@@ -106,7 +108,7 @@

 | Flag | Description |
 | --- | --- |
 | `--query` | Filter by search query substring. |
 | `--page` | Filter by top clicked page. |

 ### `mint analytics feedback`
@@ -142,7 +144,7 @@
 | --- | --- |
 | `--page` | Filter conversations that reference a specific page in sources. |

 #### `mint analytics conversation view <conversation-id>`

 View a single conversation by ID. Use `mint analytics conversation list` to get IDs.

@@ -158,7 +160,7 @@
 mint analytics conversation buckets list
 ```

 #### `mint analytics conversation buckets view <bucket-id>`

 View conversations in a category bucket. Use `mint analytics conversation buckets list` to get IDs.

@@ -176,7 +178,7 @@
 mint config <subcommand> <key> [value]
 ```

 | Subcommand | Description |
 | --- | --- |
 | `set <key> <value>` | Set a configuration value. |
 | `get <key>` | Display a configuration value. |
@@ -242,7 +244,7 @@
 | `--local-schema` | Allow validation of locally hosted OpenAPI files served over HTTP. Only supports HTTPS in production. |

 <Note>
  The standalone `mint openapi-check` command is deprecated. Use `mint validate` instead.
 </Note>

 ---
@@ -328,7 +330,7 @@

 ## Telemetry

 The CLI collects anonymous usage telemetry to help improve Mintlify. Telemetry data includes the command name, CLI version, operating system, and architecture. Mintlify does **not** collect personally identifiable information, project content, or file paths.

 By default, the CLI collects telemetry data. You can opt out at any time using the `--telemetry` flag:

@@ -348,3 +350,13 @@
 | `DO_NOT_TRACK` | `1` | Disable telemetry using the [Console Do Not Track](https://consoledonottrack.com/) standard. |
 
 Your preference saves in `~/.config/mintlify/config.json` and persists across CLI sessions.
+
+---
+
+## Environment variables
+
+| Variable | Description |
+| --- | --- |
+| `MINTLIFY_SESSION_TOKEN` | Authenticate the CLI without browser login. Useful for CI/CD pipelines and headless environments. The CLI uses keychain credentials first and falls back to this variable. |
+| `MINTLIFY_TELEMETRY_DISABLED` | Set to `1` to disable anonymous telemetry. |
+| `DO_NOT_TRACK` | Set to `1` to disable telemetry using the [Console Do Not Track](https://consoledonottrack.com/) standard. |
diff --git a/cli/preview.mdx b/cli/preview.mdx
@@ -34,7 +34,7 @@
 mint login
 ```
 
-After you authenticate with the `mint login` command, the CLI stores your credentials in `~/.config/mintlify/config.json` so you stay logged in across sessions.
+After you authenticate with the `mint login` command, the CLI stores your credentials securely in your operating system's keychain so you stay logged in across sessions. When your access token expires, the CLI automatically refreshes it in the background without requiring you to log in again.
 
 Once logged in, run `mint dev` to start the local preview with search and the assistant enabled. The assistant uses the same indexed content as your deployed documentation site.
 
@@ -50,6 +50,17 @@
 mint logout
 ```
 
+### Authenticate with an environment variable
+
+For CI/CD pipelines or headless environments where browser-based login is not available, set the `MINTLIFY_SESSION_TOKEN` environment variable:
+
+```bash
+export MINTLIFY_SESSION_TOKEN=your-token
+mint dev
+```
+
+The CLI uses the keychain token first and falls back to `MINTLIFY_SESSION_TOKEN` if no keychain credentials are available or if the token cannot be refreshed.
+
 ## Custom ports
 
 By default, the CLI uses port 3000. To use a different port, use the `--port` flag: