View Org Authentication Secrets

Use dedicated commands to explicitly retrieve sensitive authentication information, such as access tokens, passwords, and SFDX authorization URLs.

To improve security, sensitive authentication information isn't displayed in the output of standard CLI commands, such as sf org display and sf org list. Instead, use the dedicated org auth show-* commands to explicitly retrieve credentials when needed.

The org auth show-* commands expose sensitive credentials that grant access to your org. Sharing or logging these secrets is equivalent to sharing your login credentials, resulting in unintended access and escalation of privilege. Handle them with care and avoid storing them in unencrypted files or logs.

Warning

View Access Token

To retrieve an org's access token, run this command from a terminal (macOS and Linux) or command prompt (Windows).

1sf org auth show-access-token --target-org <username-or-alias>

The command prompts you to confirm before displaying the token. To bypass the prompt in non-interactive environments such as CI/CD pipelines, use the --json or --no-prompt flag.

View SFDX Authorization URL

To retrieve an org's Salesforce DX authorization URL, run this command.

1sf org auth show-sfdx-auth-url --target-org <username-or-alias>

This URL contains all the information needed to authorize the org in a continuous integration (CI) environment. The command prompts you to confirm before displaying the URL. To bypass the prompt, use the --json or --no-prompt flag.

View User Password

To retrieve the password for a scratch org user, run this command.

1sf org auth show-user-password --target-org <username-or-alias>

The command prompts you to confirm before displaying the password. To bypass the prompt, use the --json or --no-prompt flag.