Snyk Documentation

CLI - Authentication


Snyk commands require authentication. We use one of three identity providers for authentication: GitHub, Bitbucket or Google. For authentication purposes, the identity providers do not require access to your repositories, only your email address.

Single Sign On

In addition to the three default identity providers, Snyk supports a wide variety of single sign on protocols, such as SAML, OpenID Connect, LDAP and more. This feature is available on some of our paid plans.

Authentication with the CLI

You can authenticate by running snyk auth in your terminal. A browser window will open and guide you through this process.

Authentication with an environment variable

Alternatively, you can visit your account, copy your token and set the environment variable SNYK_TOKEN to your token. This approach is recommended for CI environments.

Using Service Accounts

Some of our paid plans allow the creation of an org wide service account that has a token associated with it. This is convenient if you do not want to use tokens associated with individual Snyk accounts. To setup a Service Account follow the documentation here: