Skip to main content

ggshield auth login


Authenticate with a GitGuardian workspace.

ggshield auth login [OPTIONS]

ggshield needs an API key to work. Under the hood, this command automates the provisioning of a personal access token and its configuration on the local workstation.

The default authentication mode is a web-based browser flow. Alternatively, use the --method=token to pass in an already existing token. The required scope for the personal access token is: scan

If a valid personal access token is already configured, this command simply displays a success message indicating that ggshield is already ready to use.


  • --method={web|token}: the method used for the authentication flow: . Default is web.
  • --instance: URL of the instance to authenticate against. Default is GitGuardian SaaS URL:
  • --sso-url: URL of your SSO login page to force the authentication flow through your workspace SSO. This URL can be retrieved from your authentication settings page once you have configured your SSO.
  • --token-name <string>: the name you want to specify for your token. If not provided, GitGuardian will fallback to "ggshield token 20XX-XX-XX".
  • --lifetime: Number of days before the token expires. 0 means the token never expires.

ggshield global options#

  • -h, --help: display detailed help


# start interactive web-based flow$ ggshield auth login
# force the authentication flow through a SSO$ ggshield auth login --sso-url
# specify the name of the personal access token about to be provisioned$ ggshield auth login --token-name mytoken
# authenticate with an already existing token, ggshield will prompt you to enter the token$ ggshield auth login --method=tokenEnter your GitGuardian API token: <type your token and press enter>
# authenticate against a self-hosted GitGuardian instance$ ggshield auth login --instance https://dashboard.gitguardian.mycorp.local