> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ghostable.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Devices

> Devices are trusted human-operated machines that hold the private keys used to decrypt environments.

<Card title="Read the security model" icon="lock" href="/fundamentals/v2/overview/security-model">
  Understand how Ghostable separates human devices from automation identities.
</Card>

## Why Devices Exist

Ghostable links a human-operated workstation as a device so encryption keys can stay local to that
machine. A linked device can then decrypt environments it has been authorized to access.

Typical device examples:

* A developer laptop.
* A secure workstation.
* A bastion host operated by a human.

## What Happens When You Link a Device

Linking a device registers the machine with Ghostable and stores private key material locally in the
operating system's secure storage. The service only receives the public identity it needs to share
environment keys with that device.

If a device is new, it may still need a key re-share before it can read existing secrets.

<Warning>Devices are for people, not CI runners. Use deploy tokens for automation.</Warning>

## Device Lifecycle

* **Link** a new workstation when you set it up.
* **Use** the linked device for desktop or CLI secret workflows.
* **Re-share** keys when a new device needs access.
* **Unlink or revoke** devices that are retired or compromised.

## Continue with Your Client

<CardGroup>
  <Card title="Link from Desktop" icon="laptop" href="/desktop/v1/getting-started/link-your-device">
    Register your Mac device from the desktop onboarding flow.
  </Card>

  <Card title="Link from CLI" icon="terminal" href="/cli/v2/workflows/devices">
    Use terminal commands when you need device setup or recovery without the app.
  </Card>
</CardGroup>