Environment variables
Overview
src supports two authentication methods:
- Interactive OAuth via
src login - Access token authentication via
SRC_ACCESS_TOKEN
Use OAuth for local interactive use, or set the environment variables below for non-interactive workflows such as scripts and CI.
SRC_ENDPOINT
SRC_ENDPOINT defines the base URL for your Sourcegraph instance. In most cases, this will be a simple HTTPS URL, such as the following:
SHELLhttps://sourcegraph.com
If you're unsure what the URL for your Sourcegraph instance is, please contact your site administrator.
If the environment variable is not set, it'll default to "https://sourcegraph.com"
SRC_ACCESS_TOKEN
src can use an access token to authenticate as you to your Sourcegraph instance. Set it in the SRC_ACCESS_TOKEN environment variable. Note, src will use the SRC_ACCESS_TOKEN over the OAuth token if it is set in the environment.
To create an access token, please refer to "Creating an access token".
Reusing the current src credential in scripts
If you have already authenticated with src login, or you have SRC_ACCESS_TOKEN set, you can reuse the active credential from shell scripts:
src auth tokenprints the raw token value.src auth token --headerprints a completeAuthorizationheader using the correct scheme for the current auth mode.
When src is using an access token, --header prints Authorization: token .... When src is using OAuth, it prints Authorization: Bearer ....
Use src auth token when another tool expects only the token value. For example, to populate the YOUR_ACCESS_TOKEN environment variable used by the OpenCode MCP setup in /api/mcp:
SHexport YOUR_ACCESS_TOKEN="$(src auth token)"
Use src auth token --header when another command expects a complete Authorization header:
SHcurl -H "$(src auth token --header)" \ -H "Content-Type: application/json" \ -d '{"query":"query { currentUser { username } }"}' \ "$SRC_ENDPOINT/.api/graphql"
Adding request headers with SRC_HEADER_ (Proxy Authentication with src)
If your instance is behind an authenticating proxy that requires additional headers, they can be supplied via environment variables. Any environment variable passed starting with the string SRC_HEADER_{string-A}="String-B" will be passed into the request with form String-A: String-B. See examples below:
Example passing env vars src command:
BASHSRC_HEADER_AUTHORIZATION="Bearer $(curl http://service.internal.corp)" SRC_HEADER_EXTRA=metadata src search 'foobar'
In the above example, the headers authorization: Bearer my-generated-token and extra: metadata will be threaded to all HTTP requests to your instance. Multiple such headers can be supplied.
An alternative to the above when passing in multiple headers or headers with dashes is to make use of the SRC_HEADERS environment variable as follows:
SHSRC_HEADERS="AUTHORIZATION:Bearer somerandom_string\nClient-ID:client-one\nextra:metadata"
Note: The different header keys and values need to separated by a new line ("\n"). In the above example, the headers authorization: Bearer somerandom_string, client-id: client-one and extra: metadata will be threaded to all HTTP requests to your instance.
Example passing env vars via a shell config file: In the .zshrc -
BASH... # src proxy auth export SRC_HEADER_AUTHORIZATION="Bearer $(curl -H "Accept: text/plain" https://icanhazdadjoke.com/)" ...
Using a src search with -get-curl to expose the network request:
BASHsrc search -get-curl 'repogroup:swarm'
BASHcurl \ -H 'Authorization: token <REDACTED>' \ -H 'authorization: Bearer What did the judge say to the dentist? Do you swear to pull the tooth, the whole tooth and nothing but the tooth?' \ -d '{"query":"fragment FileMatchFields on FileMatch {\n\t\t\t\trepository {\n\t\t\t\t\tname\n\t\t\t\t\turl\n\t\t\t\t}\n\t\t\t\tfile {\n\t\t\t\t\tname\n\t\t\t\t\tpath\n\t\t\t\t\turl\n\t\t\t\t\tcontent\n\t\t\t\t\tcommit {\n\t\t\t\t\t\toid\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tlineMatches {\n\t\t\t\t\tpreview\n\t\t\t\t\tlineNumber\n\t\t\t\t\toffsetAndLengths\n\t\t\t\t\tlimitHit\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfragment CommitSearchResultFields on CommitSearchResult {\n\t\t\t\tmessagePreview {\n\t\t\t\t\tvalue\n\t\t\t\t\thighlights{\n\t\t\t\t\t\tline\n\t\t\t\t\t\tcharacter\n\t\t\t\t\t\tlength\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tdiffPreview {\n\t\t\t\t\tvalue\n\t\t\t\t\thighlights {\n\t\t\t\t\t\tline\n\t\t\t\t\t\tcharacter\n\t\t\t\t\t\tlength\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tlabel {\n\t\t\t\t\thtml\n\t\t\t\t}\n\t\t\t\turl\n\t\t\t\tmatches {\n\t\t\t\t\turl\n\t\t\t\t\tbody {\n\t\t\t\t\t\thtml\n\t\t\t\t\t\ttext\n\t\t\t\t\t}\n\t\t\t\t\thighlights {\n\t\t\t\t\t\tcharacter\n\t\t\t\t\t\tline\n\t\t\t\t\t\tlength\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tcommit {\n\t\t\t\t\trepository {\n\t\t\t\t\t\tname\n\t\t\t\t\t}\n\t\t\t\t\toid\n\t\t\t\t\turl\n\t\t\t\t\tsubject\n\t\t\t\t\tauthor {\n\t\t\t\t\t\tdate\n\t\t\t\t\t\tperson {\n\t\t\t\t\t\t\tdisplayName\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t fragment RepositoryFields on Repository {\n\t\t\tname\n\t\t\turl\n\t\t\texternalURLs {\n\t\t\t serviceType\n\t\t\t url\n\t\t\t}\n\t\t\tlabel {\n\t\t\t\thtml\n\t\t\t}\n\t\t }\n\n\t\t query ($query: String!) {\n\t\t\tsite {\n\t\t\t\tbuildVersion\n\t\t\t}\n\t\t\tsearch(query: $query) {\n\t\t\t results {\n\t\t\t\tresults{\n\t\t\t\t __typename\n\t\t\t\t ... on FileMatch {\n\t\t\t\t\t...FileMatchFields\n\t\t\t\t }\n\t\t\t\t ... on CommitSearchResult {\n\t\t\t\t\t...CommitSearchResultFields\n\t\t\t\t }\n\t\t\t\t ... on Repository {\n\t\t\t\t\t...RepositoryFields\n\t\t\t\t }\n\t\t\t\t}\n\t\t\t\tlimitHit\n\t\t\t\tcloning {\n\t\t\t\t name\n\t\t\t\t}\n\t\t\t\tmissing {\n\t\t\t\t name\n\t\t\t\t}\n\t\t\t\ttimedout {\n\t\t\t\t name\n\t\t\t\t}\n\t\t\t\tmatchCount\n\t\t\t\telapsedMilliseconds\n\t\t\t\t...SearchResultsAlertFields\n\t\t\t }\n\t\t\t}\n\t\t }\n\t\t\n\tfragment SearchResultsAlertFields on SearchResults {\n\t\talert {\n\t\t\ttitle\n\t\t\tdescription\n\t\t\tproposedQueries {\n\t\t\t\tdescription\n\t\t\t\tquery\n\t\t\t}\n\t\t}\n\t}\n","variables":{"query":"repogroup:swarm"}}' \ https://cse-k8s.sgdev.org/.api/graphql