Ravenstash
Docs

CI tokens

Use Ravenstash automation tokens for automated package publishing and installation with rvn pkg and native package managers.

Updated 2026-06-24

Ravenstash automation tokens belong to a personal workspace or a team workspace.

Use team-scoped tokens for shared CI jobs so package automation does not depend on one developer account.

  1. Create or choose the team that owns the repository.
  2. Create an automation token in that team workspace.
  3. Store the token in the CI secret manager.
  4. Inject the token as RAVENSTASH_TOKEN.
  5. Use rvn pkg to install or publish.

Publish in CI

export RAVENSTASH_TOKEN="${RAVENSTASH_TOKEN_FROM_CI}"

# Publish directly — no native package manager invoked
rvn pkg publish --repo acme/python
rvn pkg publish --repo acme/frontend
rvn pkg publish --repo acme/jvm

Install in CI

export RAVENSTASH_TOKEN="${RAVENSTASH_TOKEN_FROM_CI}"

rvn pkg install internal-sdk --repo acme/python

For native package manager commands (when the pipeline already uses pip, npm, or mvn), use the rvn wrappers to avoid hardcoding registry URLs:

rvn pip install internal-sdk --repo acme/python
rvn npm install @acme/design-system --repo acme/frontend
rvn mvn install --repo acme/jvm

Rotation

Token secrets are shown once. Rotate a token by creating a replacement, updating CI secrets, validating a publish or install job, then revoking the old token.

Current status

Available today: token creation, rotation, revocation, and deletion for personal and team workspaces. More granular per-repository permissions are planned for later.