chore(docs): Add dedicated page explaining how to manage FWF PATs

content/wasm-functions/get-logs.md

@@ -37,4 +37,4 @@ The log messages shown above have been generated using the [`log/slog` package](
 
 ## Next Steps
 
-- [Delete an application](delete)
+- [Managing Personal Access Tokens (PATs)](managing-personal-access-tokens)

content/wasm-functions/managing-personal-access-tokens.md

@@ -0,0 +1,104 @@
+title = "Managing Personal Access Tokens (PATs)"
+template = "functions_main"
+date = "2025-09-18T00:22:56Z"
+enable_shortcodes = true
+
+---
+
+- [Generating a PAT](#generating-a-pat)
+- [Listing All Your PATs](#listing-all-your-pats)
+- [Regenerating a PAT](#regenerating-a-pat)
+- [Removing a PAT](#removing-a-pat)
+- [Next Steps](#next-steps)
+
+There are several scenarios - like for example, automated deployments from CI/CD systems like GitHub Actions - in which you might want to authenticate against *Fermyon Wasm Functions* using Personal Access Tokens (PATs) instead of authenticating manually using the OAuth 2.0 Device Code flow. 
+
+A personal access token (PAT) is a secure, time-bound string used as an alternative to a password for authenticating API requests or command-line operations against a *Fermyon Wasm Functions* with fine-grained permission control.
+
+> NOTE: In contrast to the default authentication flow, PATs aren't authorized to delete applications from your _Fermyon Wasm Functions_ account.
+
+PATs for FWF are managed using the sub-commands of `spin aka auth token`. You must be authenticated to use those commands (`spin aka login`). (See the ["Log in to Fermyon Wasm Functions" section of the quickstart](quickstart#log-in-to-the-fermyon-wasm-functions) for further instructions on how to log in.)
+
+## Generating a PAT
+
+To generate a new PAT, use the `spin aka auth token create` command. At least, you have to specify a name for your PAT. Without further ado, the PAT will expire after `30` days. You can customize the expiration using the `--expiration-days` (or `-e`) option. Also, an optional description could be provided using `--description` (or `-d`): 
+
+<!-- @selectiveCpy -->
+
+```console
+$ spin aka auth token create --name docs-token \
+  --description "PAT created for the documentation" \
+  --expiration-days 90
+```
+Store the PAT which will be printed to `stdout` in a safe place (e.g. password manager), it won't be shown again:
+
+<!-- @nocpy -->
+
+```console
+A personal access token has been created! The token will expire 90 days from now.
+Please store this token in a safe place, as it will not be shown again.
+Here is your access token: pat_**************************
+```
+
+## Listing All Your PATs
+
+Once you've generated at least one PAT, you can print a list of all tokens using the `spin aka auth token list` command. This won't show the actual PATs, but you'll see essential metadata for every PAT created.
+
+<!-- @selectiveCpy -->
+
+```console
+$ spin aka auth token list --format yaml
+```
+
+For the sake of this article, will tell the command to produce the output as `YAML` instead of using the standard table layout to increase readability.
+
+<!-- @nocpy -->
+
+```console
+- id: 00000000-0000-0000-000000000000
+  name: docs-token
+  description: PAT created for the documentation
+  expires_at: 2025-12-17T13:54:11+00:00
+  last_authenticated_at: 2025-09-17T14:31:21+00:00
+```
+## Regenerating a PAT
+
+If a previously generated PAT is about to expire, you can use the `spin aka auth token regenerate` command for regenerating a particular token using its identifier. You can find the identifier by [listing all your PATs](#listing-all-your-pats). 
+
+Expiration in days can't be overwritten when regenerating a PAT. Instead, the value specified when creating the PAT will be used. 
+
+<!-- @selectiveCpy -->
+
+```console
+$ spin aka auth token regenerate --id 00000000-0000-0000-000000000000
+```
+Again, the PAT is shown only once as part of the `spin aka auth token regenerate` command, store it in a safe place (e.g. password manager).
+
+<!-- @nocpy -->
+
+```console
+A personal access token has been regenerated! The token will expire on 2025-12-17T13:54:11+00:00
+Please store this token in a safe place, as it will not be shown again.
+Here is your access token: pat_**************************
+```
+
+## Removing a PAT
+
+If you wish to remove a PAT from your account, use the `spin aka auth token delete` command. Again, you have to provide the identifier of your PAT using the `--id` option:
+
+<!-- @selectiveCpy -->
+
+```console
+$ spin aka auth token delete --id 00000000-0000-0000-000000000000
+```
+
+Once you've confirmed that you really want to delete the PAT, the command will report back that the PAT has been deleted successfully:
+<!-- @nocpy -->
+
+```console
+Deleted personal access token successfully.
+```
+
+## Next Steps
+
+- [Delete an application](delete)

templates/functions_sidebar.hbs

@@ -22,6 +22,8 @@
             href="{{site.info.base_url}}/wasm-functions/list-and-inspect">List and Inspect Applications</a>
         <a {{#if (active_content request.spin-path-info "/wasm-functions/get-logs" )}} class="active" {{/if}}
             href="{{site.info.base_url}}/wasm-functions/get-logs">Get Application Logs</a>
+        <a {{#if (active_content request.spin-path-info "/wasm-functions/managing-personal-access-tokens" )}} class="active" {{/if}}
+            href="{{site.info.base_url}}/wasm-functions/managing-personal-access-tokens">Managing Personal Access Tokens (PATs)</a>
         <a {{#if (active_content request.spin-path-info "/wasm-functions/delete" )}} class="active" {{/if}}
             href="{{site.info.base_url}}/wasm-functions/delete">Delete Applications</a>