CI tokens
Use Ravenstash automation tokens for automated package publishing and installation with rvn pkg and native package managers.
Updated 2026-06-24
Ravenstash automation tokens belong to a personal workspace or a team workspace.
Use team-scoped tokens for shared CI jobs so package automation does not depend on one developer account.
Recommended workflow
- Create or choose the team that owns the repository.
- Create an automation token in that team workspace.
- Store the token in the CI secret manager.
- Inject the token as
RAVENSTASH_TOKEN. - Use
rvn pkgto install or publish.
Publish in CI
export RAVENSTASH_TOKEN="${RAVENSTASH_TOKEN_FROM_CI}"
# Publish directly — no native package manager invoked
rvn pkg publish --repo acme/python
rvn pkg publish --repo acme/frontend
rvn pkg publish --repo acme/jvm
Install in CI
export RAVENSTASH_TOKEN="${RAVENSTASH_TOKEN_FROM_CI}"
rvn pkg install internal-sdk --repo acme/python
For native package manager commands (when the pipeline already uses pip, npm, or mvn), use the rvn wrappers to avoid hardcoding registry URLs:
rvn pip install internal-sdk --repo acme/python
rvn npm install @acme/design-system --repo acme/frontend
rvn mvn install --repo acme/jvm
Rotation
Token secrets are shown once. Rotate a token by creating a replacement, updating CI secrets, validating a publish or install job, then revoking the old token.
Current status
Available today: token creation, rotation, revocation, and deletion for personal and team workspaces. More granular per-repository permissions are planned for later.
