Overview of Sonar tokens used by users of the organization

Hi all!

Our tokens, even though they are known as SONAR_TOKEN, are associated with the users who create them in their accounts. There is no organizational token in SonarCloud. Each token is related to a user. We are using tokens to check whether the user associated with the token has the required permissions to analyze the project.

You can find the list of the tokens related to the user account under My Account/Security. All tokens of a user are equal. Any of them can be used as a SONAR_TOKEN to analyze a project for which the user has the required permission.

As mentioned, some tokens are auto-generated. We generate a new token on behalf of the user on the project configuration page after a new project is created for analysis.

Since we don’t store token secrets, it is not possible to show the secrets again after showing them for the first time.

What can you do now? All you need to do is to create a new token from a user account that has the required permission to analyze the project(s). Then you need to use this new token in your CI configuration. Since all tokens of a user are equal (have the same permissions because all of them are related to the user), the user can revoke the old tokens.

If you encounter a problem after revoking tokens, it means that you forgot to update a configuration in an environment. You just need to use the new token in these places as well.

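To make the last step of the post concrete (finding every place the old token is still configured before revoking it), here is an added example. It is not SonarSource code or a SonarCloud feature: a small Python script that walks a checkout, lists every assignment to SONAR_TOKEN, sonar.login or sonar.token, and flags values that are pasted literals rather than references to a CI secret or an environment variable. The key names, the file types scanned, the secret-reference syntaxes recognised and the three sample files are assumptions and constructed data; the token values in the samples are made up.

```python
"""
Token-rotation helper: list every place a Sonar token is configured in a
checkout, so that no environment is left on the old token when it is revoked.

Added example; this is not SonarSource or SonarCloud code. It assumes the
token is passed under one of the keys in TOKEN_KEYS (add the ones your
pipelines use) and treats anything that is neither a CI secret reference nor
an environment-variable expansion as a hardcoded literal that must be rotated.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Keys under which a Sonar token is normally supplied (assumption: extend as needed).
# The value is a GitHub Actions `${{ ... }}` expression or a single whitespace-free token.
TOKEN_KEYS = re.compile(
    r"(?P<key>SONAR_TOKEN|sonar\.login|sonar\.token)\s*[:=]\s*"
    r"(?P<value>\$\{\{[^}]*\}\}|\S+)"
)

# Values that defer to a secret store or the environment instead of embedding the token.
SECRET_REF = re.compile(
    r"\$\{\{\s*secrets\."                 # GitHub Actions: ${{ secrets.SONAR_TOKEN }}
    r"|\$\{?[A-Za-z_][A-Za-z0-9_.]*\}?$"  # shell/Maven: $SONAR_TOKEN, ${env.SONAR_TOKEN}
    r"|\$\("                              # Azure Pipelines $(SONAR_TOKEN), shell $(cmd)
    r"|%[A-Za-z_][A-Za-z0-9_]*%$"         # Windows batch: %SONAR_TOKEN%
)

# File types worth scanning (assumption).
SCAN_SUFFIXES = {".yml", ".yaml", ".sh", ".properties", ".groovy", ".toml", ".json", ".xml"}


def classify(value: str) -> str:
    """'secret-ref' for an indirection to a secret, 'literal' for a pasted token."""
    return "secret-ref" if SECRET_REF.match(value.strip("\"'")) else "literal"


def scan_text(text: str, path: str = "<inline>") -> List[Dict[str, object]]:
    """Return one finding per token assignment found in `text`."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):   # commented-out lines are not active config
            continue
        for m in TOKEN_KEYS.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "key": m["key"], "kind": classify(m["value"])})
    return findings


def scan_tree(root: Path) -> List[Dict[str, object]]:
    """Scan every config-like file under `root` (skipping .git), in path order."""
    findings: List[Dict[str, object]] = []
    for p in sorted(root.rglob("*")):
        if ".git" in p.parts or not p.is_file():
            continue
        if p.suffix in SCAN_SUFFIXES or p.name.startswith("Jenkinsfile"):
            findings.extend(scan_text(p.read_text(errors="replace"), str(p.relative_to(root))))
    return findings


# Constructed sample checkout; the token values below are made up, not real secrets.
SAMPLES = {
    ".github/workflows/build.yml": (
        "name: Build\n"
        "on: [push]\n"
        "jobs:\n"
        "  sonar:\n"
        "    runs-on: ubuntu-latest\n"
        "    steps:\n"
        "      - uses: actions/checkout@v4\n"
        "      - name: Sonar analysis\n"
        "        run: sonar-scanner\n"
        "        env:\n"
        "          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}\n"   # good: secret reference
    ),
    "scripts/analyze.sh": (
        "#!/bin/sh\n"
        "export SONAR_TOKEN=0123456789abcdef0123456789abcdef01234567\n"  # bad: literal
        "sonar-scanner -Dsonar.login=$SONAR_TOKEN\n"                    # good: env var
    ),
    "sonar-project.properties": (
        "sonar.projectKey=example_project\n"
        "sonar.login=0123456789abcdef0123456789abcdef01234567\n"  # bad: literal
    ),
}


def scan_samples() -> List[Dict[str, object]]:
    """Materialise SAMPLES in a temp dir and scan it (offline demo of scan_tree)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in SAMPLES.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_tree(root)


if __name__ == "__main__":
    for f in scan_samples():
        flag = "ROTATE" if f["kind"] == "literal" else "ok    "
        print(f"{flag} {f['path']}:{f['line']} {f['key']} ({f['kind']})")
```

Every "ROTATE" line is a place where the old token value itself is written down and has to be replaced by hand; the "ok" lines only need the secret behind the reference updated in the CI system. Run `scan_tree(Path("."))` on a real checkout instead of the samples; pipelines that fetch the token from a vault or a Jenkins credential store by some other syntax will show up as literals until you add that syntax to SECRET_REF.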