Try Serpent Free
← Salesforce DevOps Glossary

SFDX Auth URL

A single string encoding an org's OAuth credentials, used to authenticate Salesforce CLI in CI without a browser-based login.

Definition

An SFDX auth URL is a single string, formatted as force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>, that packages up everything Salesforce CLI needs to authenticate to an org non-interactively. It's generated from an already-authenticated org with sf org display --verbose --json and consumed with sf org login sfdx-url, which is what lets a CI pipeline authenticate to a Dev Hub, sandbox, or scratch org without opening a browser for an OAuth flow. Because the string contains a live refresh token, it functions as a credential and needs to be stored as a CI secret, never committed to source control, and rotated if it's ever exposed. Our CI/CD pipeline guide covers authenticating CI to Salesforce end to end.

In practice

How it works in Serpent

Serpent manages authenticated connections to every org centrally, so teams aren't distributing and rotating raw auth URLs as secrets across multiple CI configurations by hand.

Git integration settings in Serpent
Common questions

SFDX Auth URL, answered

Does an SFDX auth URL expire?
It's tied to a refresh token, which stays valid until it's explicitly revoked or the connected app's policy forces re-authentication, so it doesn't expire on a fixed schedule the way a session ID does.

Start free. No credit card, no install, no commitment.

Set up in under 15 minutes. No DevOps hire needed.

Curious about faster shipping before you dive in? Let's talk

Commitment free!