Generate or Change a Password for a Scratch Org User

By default, new scratch orgs contain one administrator user with no password. Use the org generate password CLI command to generate or change a password for this admin user. After it's set, you can’t unset a password, you can only change it.
You can also use the --on-behalf-of flag to generate a password for a scratch org user that you've created locally with the org create user command. You can’t use the org generate password command for users that you created in the scratch org with Setup.
  1. Generate a password for a scratch org user with this command:
    1sf org generate password --target-org <username-or-alias>

    You can run this command for scratch org users only. The command outputs the generated password.

    The target org must be the username or alias for the scratch org admin user. Use the --on-behalf-of flag to assign passwords to multiple users at once, including admin users, or to users who don’t have permissions to do it themselves. Specify multiple locally created users by specifying multiple --on-behalf-of flags. For example, let’s say the my-scratch alias corresponds to the scratch org’s admin user, and you want to generate a password for users with aliases ci-user and qa-user:

    1sf org generate password --target-org my-scratch --on-behalf-of ci-user --on-behalf-of qa-user
    By default, the command generates a password that's 13 characters in length; the possible characters include all lower and upper case letters, numbers, and symbols. To change the password strength, use the --length and --complexity flags. The --complexity flag is a number from 0 through 5; the higher the value, the more possible characters are used, which strengthens the password. The default value is 5. See the command-line help for a description of each value. This example shows how to generate a password that's 20 characters long:
    1sf org generate password --target-org my-scratch --length 20
  2. View the generated password and other user details with the org display user and org auth commands:
    1sf org display user --target-org qa-user
    2Warning: Secrets are now hidden from 'sf org display user' command output. Use the 'sf org auth' commands instead. <truncated for readability>
    3
    4=== User Description
    5
    6 key          label
    7 ──────────── ────────────────────────────────────────────────────────────────────────────────────────────────────────────────
    8 Username     1690397809_test-st9thgoyyyq3@example.com
    9 Profile Name Standard User
    10 Id           0058I002inzvQAA
    11 Org Id       00D80000PhAkUAK
    12 Access Token [REDACTED] Use 'sf org auth show-access-token' to view
    13 Instance Url https://connect-enterprise-1121-dev-ed.scratch.my.salesforce.com
    14 Login Url    https://connect-enterprise-1121-dev-ed.scratch.my.salesforce.com
    15 Alias        qa-user
    1sf org auth show-user-password --target-org qa-user
    2✔ You're about to reveal the password for "agentdx258_test1@trailhead.th". Do you want to continue? Yes
    3┌──────────┬──────────────────────┐
    4│ Key      │ Value                │
    5├──────────┼──────────────────────┤
    6│ Password │ bgzz_8hOmeftqvrfxxgi │
    7└──────────┴──────────────────────┘
    1sf org auth show-access-token --target-org qa-user
    2✔ You're about to reveal the access token for "qa-user". This token grants full access to the org with your current permissions. Sharing or logging 
    3this token is equivalent to sharing your credentials. Do you want to continue? Yes
    4┌──────────────┬────────────────────────────|
    5│ Key          │ Value                      |
    6├──────────────┼────────────────────────────|
    7│ Access Token │ 00DWs00000GuX<truncated>   |
    8└──────────────┴────────────────────────────|
  3. Log in to the scratch org with the new password:
    1. From the org display user output, copy the value of the Instance URL and paste it into your browser. In our example, the instance URL is https://connect-enterprise-1121-dev-ed.scratch.my.salesforce.com.
    2. If you’ve already opened the scratch org with the org open command, you’re automatically logged in again. To try out the new password, log out and enter the username and password listed in the output of the org display user command.
    3. Click Log In to Sandbox.

If you change a scratch org user’s password using the Salesforce UI, the new password doesn’t show up in the org display user output.

Note