Sanity Pioneers: Get early access to betas, extra AI credits, and a direct line to the engineering team. Apply now

Using token authentication for Sanity CLI login

22 repliesLast updated: Nov 29, 2025
Hello. We are looking to use an automated system for deploying GraphQL schemas and studio, but we have some problems logging in to the CLI tool. Is it possible to use a token for logging in, or is it another method?
AI Update

Yes, it is absolutely possible to use a token for logging in to the Sanity CLI for automated deployments! This is actually the recommended approach for CI/CD environments.

Using Authentication Tokens

For automated systems like CI/CD pipelines, you should use the SANITY_AUTH_TOKEN environment variable instead of interactive login. Here's how:

1. Create a Deploy Token

First, create a deploy token in your Sanity project management dashboard. Navigate to your project settings to generate a token with appropriate permissions.

2. Set the Environment Variable

In your CI/CD environment, set the SANITY_AUTH_TOKEN environment variable with your token:

SANITY_AUTH_TOKEN=<your-deploy-token> sanity deploy

Or for schema deployment:

SANITY_AUTH_TOKEN=<your-deploy-token> sanity schema deploy

3. CI/CD Configuration Example

For automated deployments, you can configure your workflow like this:

// sanity.cli.ts
import {defineCliConfig} from 'sanity/cli'

export default defineCliConfig({
  api: {
    projectId: process.env.SANITY_STUDIO_PROJECT_ID,
    dataset: process.env.SANITY_STUDIO_DATASET,
  },
  studioHost: process.env.SANITY_STUDIO_HOSTNAME
})

Then in your CI/CD pipeline, ensure these environment variables are set:

  • SANITY_AUTH_TOKEN - Your deploy token (for authentication)
  • SANITY_STUDIO_PROJECT_ID - Your project ID
  • SANITY_STUDIO_DATASET - Your dataset name
  • SANITY_STUDIO_HOSTNAME - Your studio hostname (optional, for deployment)

Why Use Tokens?

According to the Sanity deployment documentation, the sanity deploy command normally uses your local user session for authentication, which won't be available in CI/CD workflows. The SANITY_AUTH_TOKEN environment variable solves this by providing programmatic authentication.

Common Use Cases

This token-based authentication works for:

  • Deploying Sanity Studio (sanity deploy)
  • Deploying GraphQL schemas (sanity graphql deploy)
  • Running migrations
  • Any other CLI operations that require authentication

The token-based authentication is secure and allows you to grant specific permissions without sharing user credentials. You can manage and revoke these tokens through your project settings at any time.

Show original thread
22 replies

Was this answer helpful?

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Related answers

Get more help in the community Discord

Related contributions

Auto-generate alt text for Media Library assets

FeaturedOfficial

Automatically generate accessible, multilingual alt text for images in your Sanity Media Library using Agent Actions and Sanity Functions

Bram Doppen

Bram Doppen

First Published Timestamp Function

FeaturedOfficial

Automatically track when content was first published with a timestamp that sets once and never overwrites, providing reliable publication history for analytics and editorial workflows.

Knut Melvær

Knut Melvær

Automatically tag blog posts

FeaturedOfficial

AI-powered automatic tagging for Sanity blog posts that analyzes content to generate 3 relevant tags, maintaining consistency by reusing existing tags from your content library.

Ken Jones Pizza
Knut Melvær

Ken Jones Pizza and 1 other