Can SonarQube Login token be passed as variable to /d:sonar.login= instead of actual token?

we have scripts which log the results to our SonarQube server and till now we were passing the actual token in /d:sonar.login= but there is a risk in having this in the code…we want to use other secure methods like secret key and pass that along like /d:sonar.login=$SECRET_KEY

can this be done?
when I try that it says -

SonarScanner for MSBuild 5.1

Using the .NET Core version of the Scanner for MSBuild

Pre-processing started.

Preparing working directories…

15:41:18.589 Updating build integration targets…

15:41:18.826 The token you provided doesn’t have sufficient rights to check license.

15:41:18.827 Pre-processing failed. Exit code: 1

Hi @MohitS you can generate and use a token instead of user name and password - see the docs for more information.

Storing secrets in a file is clearly not a good practice. How you store and pass the secrets will depend on your environment. All CI systems have some method of passing tokens securely.

The error message you are getting suggests that either your SonarQube user account does not have the correct permissions, or the token is not being passed correctly.

This topic was automatically closed after 10 days. New replies are no longer allowed.