Merged
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -285,7 +285,7 @@ Note: `pup auth logout` (default session) also deletes the shared DCR client cre

`pup auth login` and `pup auth status` additionally accept `--site`, which wins over the above for those two commands.

If multiple sessions share the same org name on different sites, step 2 is skipped (ambiguous) and pup warns to stderr; pass `DD_SITE` to disambiguate. An unnamed (default) session can't be selected by `--org` at all -- if you have multiple unnamed sessions on different sites, set `DD_SITE` to pick one.
If multiple sessions share the same org name on different sites, step 2 is skipped (ambiguous) and pup warns to stderr; pass `DD_SITE` to disambiguate. An unnamed (default) session can't be selected by `--org` at all -- it has no name to look up.

**Token Storage**: By default, OAuth tokens and DCR client credentials are stored in your platform's secure store: macOS Keychain (via Apple's Security framework, with Touch ID prompts), Linux Secret Service (via the `keyring` crate), or Windows Credential Manager (via the `keyring` crate; sharded across multiple WinCred entries to stay within WinCred's per-record size limit). When no secure store is available, pup falls back to JSON files under `~/.config/pup/` with `0600` permissions; in file mode tokens and client credentials are kept in separate files (`tokens_<site>.json`, `client_<site>.json`). Set `DD_TOKEN_STORAGE=file` to force file storage. In either mode, all tokens for a given site share one tokens entry, keyed internally by org name.
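
Review bot: the rewritten last sentence of the disambiguation paragraph ("An unnamed (default) session can't be selected by `--org` at all -- it has no name to look up.") explains why `--org` fails but no longer says what to use instead. A user with unnamed sessions on two sites is left without a documented way to choose between them, and the note just above this hunk says `pup auth logout` on the default session also deletes the shared DCR client credentials, so acting on the wrong session has a cost. If `DD_SITE` no longer selects the default session, state what does; if it still does, keep that clause.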

9 changes: 2 additions & 7 deletions docs/OAUTH2.md
Expand Up @@ -66,14 +66,10 @@ Manually refresh your access token using the refresh token. This happens automat
### 4. Logout

```bash
pup auth logout # default session for the current site
DD_SITE=datadoghq.eu pup auth logout # default session for a non-default site
pup auth logout # default session
pup auth logout --org staging-child # one named session, leaves others intact
```

`pup auth logout` itself doesn't accept a `--site` flag; use `DD_SITE` to
pick which default session to clear.

**Side effect on sibling sessions:** logging out the default (unnamed)
session for a site also deletes that site's shared DCR client
credentials. Any named-org sessions on the same site will still hold
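
Review bot: in the Logout code block the comment on bare `pup auth logout` is now only "# default session", while the side-effect paragraph directly below still refers to "the default (unnamed) session for a site" and "that site's shared DCR client credentials". With the `DD_SITE=datadoghq.eu` example and the sentence about `--site` both gone, nothing in this section says which site a bare logout acts on, so a reader cannot tell which tokens and client credentials are cleared and which stay in the store. Add one sentence stating how the site is resolved for logout (or that every site's default session is cleared, if that is the new behavior), and say explicitly whether `pup auth logout` accepts `--site`.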
Expand Down Expand Up @@ -415,8 +411,7 @@ accepts `--site`.
If multiple sessions share the same org name on different sites, step 2
is skipped (ambiguous) and pup warns to stderr; pass `DD_SITE` to
disambiguate. An unnamed (default) session can't be selected by `--org`
at all (it has no name to look up), so if you have multiple unnamed
sessions on different sites, set `DD_SITE` to pick one.
at all -- it has no name to look up.

### Session registry
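
Review bot: style point on the new line "at all -- it has no name to look up.": the double hyphen used as a dash sits one line below `--org` and reads like the start of a flag. The parenthetical form this hunk drops, "(it has no name to look up)", avoids that and could be kept with the sentence ending after it. The paragraph still tells the reader to pass `DD_SITE` for same-named orgs on different sites but no longer covers multiple unnamed sessions on different sites, so consider one sentence on that case here as well.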
