Keep separate environment logins from breaking each other#237
Merged
Conversation
Logging into more than one Datum Cloud environment (for example production and staging) with the same email used to store both under a single credential slot, so the second login silently overwrote the first. Switching back to the earlier account then sent the wrong environment's token to the API, producing confusing "you must be logged in to the server" errors even though the account still showed up in `datumctl auth list`. Each login is now stored per environment, so accounts stay independent — switching, automatic token refresh, and logout no longer interfere across environments. Existing installs are upgraded automatically the first time they authenticate; the one account whose token was already overwritten just needs a single fresh `datumctl login`. `datumctl auth switch` now marks the account you're currently signed in as with "(active)" and opens the picker on it, so it's clear what you're switching from. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ecv
approved these changes
Jul 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #238
What this fixes
Signing in to two Datum Cloud environments — say production and staging — with the same email address quietly broke authentication.
Both logins were stored under one credential slot, so the second sign-in overwrote the first. Everything looked fine (
datumctl auth liststill showed both accounts), but afterdatumctl auth switchthe CLI would send one environment's token to the other's API and fail with:To the user it looked like switching accounts randomly corrupted their login.
What changed
Logins are now kept separate per environment. Signing in to production and staging no longer share (and clobber) one stored credential. Switching accounts, automatic token refresh, and
logoutall stay scoped to the right environment.Existing installs heal themselves. The first time an already-signed-in user runs a command that authenticates, their stored logins are upgraded in place — no manual steps. The migration is non-destructive: it never deletes a token it can't first preserve. The one account whose token was already overwritten before this fix simply needs a single fresh
datumctl login(its old token was unrecoverable).datumctl auth switchnow shows the active account. The account you're currently signed in as is labelled(active)and the picker opens on it, so it's clear what you're switching from:How it was verified
go build ./...,go vet,go test, andgo install ./...all pass.Upgrade notes for users
datumctl login --hostname <that env's auth host>.🤖 Generated with Claude Code