auth
Manage authentication for the Sentry CLI.
Commands
sentry auth login
Authenticate with Sentry.
# OAuth device flow (recommended)sentry auth login
# Using an API tokensentry auth login --token YOUR_TOKENOptions:
| Option | Description |
|---|---|
--token <token> | Use an API token instead of OAuth |
OAuth Flow:
- Run
sentry auth login - A URL and code will be displayed
- Open the URL in your browser
- Enter the code when prompted
- Authorize the application
- The CLI automatically receives your token
Self-Hosted Sentry (26.1.0+):
For self-hosted instances, set SENTRY_URL and SENTRY_CLIENT_ID (from a public OAuth application you create on your instance):
SENTRY_URL=https://sentry.example.com SENTRY_CLIENT_ID=your-client-id sentry auth loginOn older versions or without an OAuth application, use an API token instead:
SENTRY_URL=https://sentry.example.com sentry auth login --token YOUR_TOKENSee Self-Hosted Sentry for full setup details.
sentry auth logout
Remove stored credentials.
sentry auth logoutsentry auth status
Check your authentication status.
sentry auth statusOutput:
Authenticated as: usernameOrganization: my-orgToken expires: 2024-12-31sentry auth refresh
Refresh your OAuth token.
sentry auth refreshThis is typically handled automatically when tokens expire.
Credential Storage
Credentials are stored in a SQLite database at ~/.sentry/cli.db with restricted file permissions (mode 600).
Use sentry auth token to retrieve your current access token, or sentry auth status to check authentication state.
Environment Variable Precedence
The CLI checks for auth tokens in the following order, using the first one found:
SENTRY_AUTH_TOKENenvironment variable (legacy)SENTRY_TOKENenvironment variable- The stored token in the SQLite database
When a token comes from an environment variable, the CLI skips expiry checks and automatic refresh.