Skip to content

Sign in

Gray’s account lives on your box, not on a Gray cloud. Sign-in is deliberately simple: your email and a 6-digit code.

  1. Enter your email. You get a 6-digit code (valid 10 minutes, 5 attempts).
  2. Enter the code.
  3. When you connect a brand-new box you’ll also be asked for its one-time box code, printed by the installer on the box — this one-time step binds the first account to the box. See Set up your box.

The first successful sign-in on an unclaimed box creates the box’s owner account.

Where does a box’s sign-in code come from?

Section titled “Where does a box’s sign-in code come from?”

When the box itself issues your sign-in code, delivery is operator-configured: with nothing set up the code is printed to the box’s journal — the app shows this exact command, tap-to-copy:

Terminal window
journalctl -u gray-server | grep -i 'sign-in code'

Set RESEND_API_KEY or the SMTP variables in Configuration reference to have it actually emailed.

Sign back in with the same email + 6-digit code flow.

The box throttles code requests (1/minute, 5/hour per email; 5/hour per IP) and locks a code after 5 wrong attempts. If you’re locked out, wait for the window shown in the app.

A claimed box only issues sign-in codes to the email it was set up with — any other address gets silence, on purpose. Use the email you set the box up with, or have its current owner release the box (Me → Account, delete the account on the box); the next fresh sign-in mints a new box code. See Box code.

Me → Account signs you out on the device. To kill the box-side session — for example after a security alert — the Lock down & revoke session action invalidates the bearer; every device returns to the sign-in gate. See Security model.