Relaypreview
Tier 2 · Relay Cloud Connect

Sign in once.
Deploy everywhere.

Cloud Connect replaces server tokens with your relay.com account. One login from the CLI authenticates you across every project, every server — no more copying tokens.

Join the waitlist
How it works
No token managementWorks with existing relaydAdmin panel integrationAlways free
terminal
$ relay login
→ opening relay.com/auth/login in browser
waiting for authentication...
✓ authenticated as [email protected]
✓ token saved to ~/.relay/config.json
$ relay deploy
→ identity: [email protected]
→ syncing 6 changed files
→ building image...
✓ live at demo-staging.relay.example.com
relay.com dashboard
server-nycNYC4 apps · CPU 42%
server-lonLondon2 apps · CPU 18%
home-labHomeoffline
Why this exists

Token management is friction at every step

Three problems that appear every time you add a machine, lose a token, or onboard someone new.

Problem
Token sprawl

Every server keeps its token in data/token.txt. New machine? SSH in, cat the file, copy-paste. Rebuild a machine? Do it again. The token lives in shell history and Slack threads before you notice.

# setting up a new deploy machine
ssh deploy-box
cat /srv/relay/data/token.txt
# → abc123def456ghi789...
# copy, paste somewhere, hope it doesn't leak
With Cloud Connect
Solved

relay login on any machine. Your relay.com account is your identity. The token file is never touched from the outside.

# setting up a new deploy machine
relay login
# → opens relay.com/auth/login in browser
# ✓ authenticated as [email protected]
# ✓ no tokens to copy
Problem
No revocation

Server tokens never expire. If one leaks — in a log, a leaked .env, a shared shell — the only fix is rotating the entire server token and updating every machine, CI secret, and team member config that uses it.

# token leaked in CI log
$ relay deploy --token abc123def456

# now:
# → rotate token on server
# → update github secrets
# → update every team member config
# → hope you got all of them
With Cloud Connect
Solved

Session tokens are scoped per device. See all active sessions in the relay.com dashboard. Revoke one entry and that device is out — nothing else changes.

# one device compromised
# relay.com → Account → Sessions
# → Revoke: work-laptop
# ✓ locked out immediately
# ✓ every other machine unaffected
Problem
Shell history leaks

--token flags end up in .bash_history, CI logs, .env files, and every 'how do I deploy?' Slack thread. The token multiplies without you doing anything.

relay deploy --url http://host:8080 --token abc123
relay logs --token abc123
relay restart app --token abc123

# token now lives in:
# .bash_history, CI logs,
# .env files, every Slack paste
With Cloud Connect
Solved

No token flags. The CLI reads credentials from ~/.relay/config.json. Nothing sensitive appears on the command line or in any log.

relay deploy
relay logs
relay restart app

# ✓ uses relay.com identity
# ✓ nothing in shell history
# ✓ nothing in CI logs
Token per server
One relay.com account
Manual copy-paste
relay login, done
No revocation
Per-device sessions
Tokens in history
Nothing on CLI
Account-based auth

How Cloud Connect works

One command replaces token management across your entire fleet.

01
relay login

Run relay login from any machine. It opens a browser to relay.com, you authenticate with GitHub or email, and the CLI receives a scoped token automatically.

relay login
# → opens relay.com/auth/login in browser
# → token saved to ~/.relay/config.json
# ✓ authenticated as [email protected]
02
No more tokens

Your relay account becomes your identity across every project and server. No more copying tokens from data/token.txt, no more --token flags, no per-machine config.

# Before Cloud Connect
relay deploy --url http://host:8080 --token abc123

# After Cloud Connect
relay deploy
# ✓ uses your relay.com identity
03
Admin panel sign-in

The local admin dashboard at :8080 can optionally show a 'Sign in with Relay' button. Connect your relay.com account and skip the token screen entirely.

# relayd config
RELAY_CLOUD_ENABLED=true
RELAY_CLOUD_CLIENT_ID=your_client_id
# → admin panel shows relay.com sign-in
Local admin panel · :8080

Sign in with Relay on your local dashboard

When Cloud Connect is configured on your server, the admin panel at :8080 gains a Sign in with Relay button alongside the existing token flow. Your relay.com account authenticates you locally — no token copy-paste required. Both auth methods remain available.

relay admin · :8080
Sign in with Relay
or
Enter token

What you get

Account-based auth

Your relay.com account replaces the server token. Sign in once and every CLI command, from any machine, uses your identity.

Scoped access

Tokens issued by relay.com are scoped to your account and revokable from the dashboard. No more tokens living in shell history.

Admin panel integration

When Cloud Connect is configured, the local :8080 panel offers Sign in with Relay alongside the existing token flow. Both work.

Unified dashboard

See all your relay servers and apps in one place. Stream live logs, trigger deploys, and restart apps without SSH.

Offline-resilient agents

relayd keeps working if relay.com is unreachable. Events queue locally and replay when the connection restores. The agent never hard-depends on the cloud.

Always free

Cloud Connect is and will stay free. Self-hosting relay.com auth and dashboard adds no cost to your infrastructure.

In development · Always free

Be first when Cloud Connect opens

Drop your email and we will notify you when account-based auth and the unified dashboard are available.

No spam. Unsubscribe any time.