How it works

The exact files and operations behind a switch. No magic, three moves.

Where Claude Code keeps your login

Claude Code stores OAuth credentials in the macOS Keychain under the service Claude Code-credentials, and your account identity (email, organization) in the oauthAccount block of ~/.claude.json. A yoink profile is a snapshot of both.

$ security find-generic-password -w -s "Claude Code-credentials"

What a switch does

1. Re-snapshot. Claude Code refreshes tokens silently in the background, so yoink first reads the live Keychain entry and folds it back into the profile that is currently active. A token refreshed five minutes ago is preserved, not clobbered.

2. Write the target.The target profile's credential blob goes into the Keychain and its oauthAccount block into ~/.claude.json, preserving the file's existing indentation.

3. Reconcile the env block. For a Claude account, the seven managed ANTHROPIC_* keys are stripped from ~/.claude/settings.json so OAuth wins. For an external provider, they are written. Nothing else in the file changes.

Storage

Profiles live in ~/.config/yoink/profiles.json, created with chmod 600 inside a 0700 directory. Every write in yoink, the profile store, ~/.claude.json, and both settings files, is atomic: content goes to a temp file first, then a rename replaces the original, so a crash mid-write can never leave a truncated file.

Why a restart is needed

A running Claude Code session holds its token in memory and may write it back to the Keychain on its next refresh, overwriting what yoink just placed there. yoink detects a running session (pgrep -x claude) and asks before switching. Restart Claude Code after a switch and it boots from the new credentials.