Skip to main content

ggshield honeytoken create


The honeytoken command within ggshield is still in its beta version.


Command to create a honeytoken.

ggshield honeytoken create [OPTIONS]

The prerequisites to use this command are the following:

  • you have the necessary permissions as a user (for now, Honeytoken is restricted to users with a manager role),
  • the personal access token used by ggshield has the required scopes. (honeytoken:read and honeytoken:write).


  • --name TEXT: Specify a name for your honeytoken. If this option is not provided, a unique name will be generated with a ggshield- prefix.
  • --type [AWS]: Specify the type of honeytoken that you want to create. (For now only AWS honeytokens are supported) [required]
  • --description TEXT: Add a description to your honeytoken (250 characters max).
  • -o, --output FILE: Specify a filename to append your honeytoken directly to the content of this file. If the file does not exist, it will be created.

This command supports all ggshield global options.