Authenticate ggshield with GitGuardian (browser login, tokens, and api-status)

gitguardian logo
GitGuardian
Dec 22, 2025
GitGuardian

Now that ggshield is installed, the next step is to authenticate it with GitGuardian so it can scan and talk to the API.

https://docs.gitguardian.com/ggshield-docs/home

The most common method is browser-based login:

ggshield auth login

This opens your browser and prompts you to sign in through the GitGuardian dashboard. It automatically generates an access token for you and stores it safely in your local configuration. By default, the token is scoped for secret scanning, which is what most people need. We’ll revisit scopes later.

If you prefer to use an existing token instead, you can generate one inside your GitGuardian workspace and authenticate using the token method:

ggshield auth login --method token

Then paste your token when prompted.

Note: if you’re using GitGuardian on-prem, you’ll also need to specify your instance URL using the --instance option. Check with your administrator for the correct URL for your environment.

To confirm you’re authenticated and can reach the API, run:

ggshield api-status

If you’re not logged in, you’ll see an error like:
No token is saved for this instance: '[https://dashboard.gitguardian.com](https://dashboard.gitguardian.com)'

If you are logged in, you’ll see a status message showing service health and where your API key is being sourced from (by default, your user config).

And if you ever want to log out, just run:

ggshield auth logout

If you logged in via the browser flow, logging out will invalidate the token on the GitGuardian side as well.

Copyright © 2026 OpsMatters™. All rights reserved.