---
title: 'yorker login: browser auth for the CLI'
description: 'The CLI now opens a browser to authenticate, so first-run no longer means copying an API key out of the dashboard.'
date: '2026-05-08'
category: 'feature'
canonical_url: 'https://yorkermonitoring.com/changelog/2026-05-08-yorker-login'
---

The Yorker CLI now ships with `yorker login`. Running it opens a consent page at [yorkermonitoring.com/cli/auth](https://yorkermonitoring.com/cli/auth) where you click **Authorize**. Yorker mints a real API key tied to your team, names it `CLI <hostname>` so machines are easy to tell apart on the dashboard, and stores it at `~/.yorker/credentials` (mode `0600`). No more pasting `sk_...` into your shell on every new laptop.

`yorker logout` removes the local credential. Pass `--revoke` to also delete the API key on the server in one step.

Existing API keys still work. If you have `YORKER_API_KEY` set, the CLI uses it ahead of the persisted credential, so CI scripts and Docker containers stay exactly as they are.