# lpm token-rotate (/docs/infra/token-rotate)



Rotate the current lpm.dev session token after a suspected leak or routine credential rotation.

```bash
lpm token-rotate
```

## Examples [#examples]

```bash
lpm token-rotate
lpm token-rotate --json
```

`lpm token-rotate` is only for the lpm.dev session token. It creates a new token, invalidates the old one on the server, stores the replacement in local secure storage, and records the returned expiry for [`lpm whoami`](/docs/infra/login#lpm-whoami) warnings.

There is no equivalent command for npm, GitHub, or GitLab:

* Rotate npm auth by running `lpm login --npm` again or replacing `NPM_TOKEN`.
* Rotate GitHub and GitLab host-CLI auth in `gh` / `glab`.
* Replace explicit fallback tokens with `lpm login --<target> --token <T>`.

Human output reports the old token invalidation, new token storage, secure-storage backend, and expiry timestamp when the registry returns one.

With `--json`, the envelope includes `{success, rotated, expires_at, storage_backend, storage_degraded}`.

## Flags [#flags]

`lpm token-rotate` takes no command-specific flags besides the [global flags](/docs/commands#global-flags). Use `--json` for structured output.

## See also [#see-also]

* [`lpm login / logout / whoami`](/docs/infra/login) - manage registry sessions
* [Authentication](/docs/infra/authentication) - token storage backends
* [Environment variables](/docs/reference/env-vars) - token overrides for automation