Authenticate CI with a service token
automation & ci
// what it does
In CI, skip auth login entirely: export PLANETSCALE_SERVICE_TOKEN_ID and PLANETSCALE_SERVICE_TOKEN (or pass the --service-token-id/--service-token flags) and every pscale command authenticates as the token. The classic pipeline: create a branch per PR, run migrations against it, open a deploy request on merge.
// shell
$ export PLANETSCALE_SERVICE_TOKEN_ID=<token-id> PLANETSCALE_SERVICE_TOKEN=<token-secret>$ pscale branch create mydb pr-123 --org my-org --wait// gotcha
Service tokens are org-scoped, so commands still need --org (or PLANETSCALE_ORG where supported). Store both halves — the ID and the secret — in your CI's secret manager; the pair is only as secret as its weaker half.