Generate project-wide tokens within the CLI

[ajhalili2006]

About this Issue

Generating an API token for the project (assuming permissions are tied to my account's permissions on specific project) in the UI is fine, but what about people who don't bothered to open the browser or in an GUI-less machine?

In order to generate it, all of prerequisites should be reached:

• signed in to the CLI
• has project access with atleast write to generate tokens

The command will look like this:

$ railway tokens new [--env="production"]
Token name (if left blank, we'll generate it for you): nonsense-holy-call-what (generated by CLI)
Here's your project token for this project:

============================================================
Project ID: <project-id-over-there-probably-uuidv4-ones>
Project token: railway_<SOME-RANDOM-TEXT-OVER-HERE>
============================================================

This will be the only time you see the token. If you ever lost it or get leaked, you need to revoke this one.
Keep this project token secret, as this have the same permissions as you would, preferably in an password manager
like Bitwarden and 1Password or secret management apps like HashiCorp Vault and GitHub's built-in encrypted
environment variables.

Note that there's railway_ in example token output, that because I assume that Railway will apply for GitHub's secret scanning solution in the future.

Possible Alternative Solutions

• Copy the ~/.railway directory to other machine and removing everything expect the JWT token for the Railway API.
• Grab the JWT token from the webapp through DevTools (sounds tricky) and do some cURLing to specific endpoints delicated to project token generation. (API is undocumented for curl usage at time of writing.)

Related Issues

• Ability to run all railway commands with RAILWAY_TOKEN #105 for using RAILWAY_TOKEN in commands like up, run, etc.