Skip to content
Musher Docs

Authentication

Authenticate with the Musher platform using API keys. API keys authorize requests from CLIs, SDKs, and direct API calls.

How API Key Authentication Works

Every API request must include your API key as a Bearer token in the Authorization header:

http 
Authorization: Bearer mush_your_api_key_here

API keys are scoped to your organization. Create and manage keys from the Settings > API Keys page in the Musher Console.

Environment Variable

All Musher tools read the MUSHER_API_KEY environment variable. Set it once and every tool picks it up automatically.

bash 
# Add to your shell profile (~/.bashrc, ~/.zshrc, etc.)
export MUSHER_API_KEY=mush_your_api_key_here

Reload your shell or run source ~/.bashrc to apply.

Verify Your Key

Confirm your API key is working with a quick cURL request:

bash 
curl -H "Authorization: Bearer $MUSHER_API_KEY" \
  https://api.musher.dev/v1/runner/me

A successful response returns your credential and organization details.

CLI Authentication

The mush CLI is for consuming bundles. Install it and set your API key:

Install

bash 
curl -fsSL https://mush.musher.dev | sh

Set your API key

bash 
export MUSHER_API_KEY=mush_your_api_key_here

Verify

bash 
mush auth status

TypeScript SDK

Install the TypeScript SDK and configure authentication via the environment variable:

bash 
npm install @musher-dev/musher-sdk
bash 
export MUSHER_API_KEY=mush_your_api_key_here

The SDK reads MUSHER_API_KEY automatically. See the TypeScript SDK repository for full usage documentation.

Python SDK

Install the Python SDK and configure authentication via the environment variable:

bash 
pip install musher-sdk
bash 
export MUSHER_API_KEY=mush_your_api_key_here

The SDK reads MUSHER_API_KEY automatically. See the Python SDK repository for full usage documentation.

CI/CD Integration

Store your API key as a secret in your CI/CD platform and expose it as the MUSHER_API_KEY environment variable.

Add MUSHER_API_KEY as a repository secret in Settings > Secrets and variables > Actions, then reference it in your workflow:

yaml 
steps:
  - name: Install bundles
    env:
      MUSHER_API_KEY: ${{ secrets.MUSHER_API_KEY }}
    run: mush bundle install acme/code-review

Key Management

Rotation

To rotate a key, create a new API key in the Console, update your environment variables and CI/CD secrets, then revoke the old key. There is no downtime — both keys work until you revoke the old one.

Revocation

Revoke compromised or unused keys immediately from Settings > API Keys in the Console. Revoked keys stop working instantly.

Scopes

API keys are scoped to your organization. A key grants access to all resources within that organization. Use separate keys for different environments (development, staging, production) to limit blast radius.