auth
Authenticate with Sentry
Commands
Section titled “Commands”sentry auth login
Section titled “sentry auth login”Authenticate with Sentry
Options:
| Option | Description |
|---|---|
--token <token> | Authenticate using an API token instead of OAuth |
--timeout <timeout> | Timeout for OAuth flow in seconds (default: 900) |
--force | Re-authenticate without prompting |
--url <url> | Sentry instance URL to authenticate against (e.g. https://sentry.example.com). Required for self-hosted; defaults to SaaS (https://sentry.io). |
sentry auth logout
Section titled “sentry auth logout”Log out of Sentry
sentry auth refresh
Section titled “sentry auth refresh”Refresh your authentication token
Options:
| Option | Description |
|---|---|
--force | Force refresh even if token is still valid |
sentry auth status
Section titled “sentry auth status”View authentication status
Options:
| Option | Description |
|---|---|
--show-token | Show the stored token (masked by default) |
-f, --fresh | Bypass cache, re-detect projects, and fetch fresh data |
sentry auth token
Section titled “sentry auth token”Print the stored authentication token
sentry auth whoami
Section titled “sentry auth whoami”Show the currently authenticated identity
Options:
| Option | Description |
|---|---|
-f, --fresh | Bypass cache, re-detect projects, and fetch fresh data |
All commands support --json for machine-readable output and --fields to select specific JSON fields.
Examples
Section titled “Examples”OAuth login (recommended)
Section titled “OAuth login (recommended)”sentry auth login- A URL and device code will be displayed
- Open the URL in your browser
- Enter the code when prompted
- Authorize the application
- The CLI automatically receives your token
Token login
Section titled “Token login”sentry auth login --token YOUR_SENTRY_API_TOKENSelf-hosted Sentry
Section titled “Self-hosted Sentry”The --url flag is required when first connecting to a self-hosted instance.
This registers the host as trusted so subsequent commands don't need the flag:
# OAuth login to a self-hosted instance (requires --url on first use)sentry auth login --url https://sentry.example.com
# Token-based auth with self-hostedsentry auth login --token YOUR_TOKEN --url https://sentry.example.comSee Self-Hosted Sentry for details.
Re-authenticate and timeouts
Section titled “Re-authenticate and timeouts”# Force re-authentication (skip "already logged in" prompt)sentry auth login --force
# Set a custom timeout for the OAuth flow (default: 900 seconds)sentry auth login --timeout 300Logout
Section titled “Logout”sentry auth logoutRefresh token
Section titled “Refresh token”sentry auth refreshPrint stored token
Section titled “Print stored token”sentry auth tokenCheck auth status
Section titled “Check auth status”sentry auth statusAuthenticated as: usernameOrganization: my-orgToken expires: 2024-12-31# Show the raw tokensentry auth status --show-token
# View current usersentry auth whoamiCredential Storage
Section titled “Credential Storage”Auth tokens are stored in a SQLite database at ~/.sentry/cli.db with restricted file permissions.
Token Precedence
Section titled “Token Precedence”By default, the CLI checks for auth tokens in the following order:
- The stored OAuth token in the SQLite database (from
sentry auth login) SENTRY_AUTH_TOKENenvironment variableSENTRY_TOKENenvironment variable (legacy alias)
The stored OAuth token takes priority because it supports automatic refresh. To override this and force environment tokens to win, set SENTRY_FORCE_ENV_TOKEN=1.
When a token comes from an environment variable, the CLI skips expiry checks and automatic refresh.