Skip to content
Latchkey

argocd login: Authenticate the CLI in CI

argocd login <server> authenticates the CLI to an Argo CD API server and caches the session in ~/.config/argocd/config.

Every other argocd command needs an authenticated session. In CI you want it fully non-interactive with a token and password supplied on the command line.

What it does

argocd login connects to the Argo CD API server, exchanges credentials for a session token, and writes it to the CLI config. Use --username/--password for a local account or --sso for SSO; in pipelines an API token via --auth-token is simplest.

Common usage

Terminal
argocd login argocd.example.com \
  --username admin --password "$ARGOCD_PASSWORD" --grpc-web
# token-based, no interactive prompt
argocd login argocd.example.com \
  --auth-token "$ARGOCD_AUTH_TOKEN" --grpc-web

Options

FlagWhat it does
--username / --passwordLocal account credentials
--auth-token <token>Use a pre-issued API token instead of a login
--grpc-webTunnel gRPC over HTTP/1.1 (needed behind many ingresses)
--insecureSkip TLS verification of the API server
--plaintextUse HTTP instead of HTTPS to the API server

In CI

Behind an ingress that does not support HTTP/2 trailers, add --grpc-web or every command hangs. Prefer ARGOCD_AUTH_TOKEN over a password, and set --server once via the ARGOCD_SERVER env var so later commands do not repeat it.

Common errors in CI

"FATA[0000] rpc error: code = Unavailable desc = ... transport: ..." or a long hang usually means the server needs --grpc-web. "x509: certificate signed by unknown authority" means a self-signed API cert; add --insecure for tests or trust the CA. "FATA[0000] Username/password is empty" means the credentials env vars are unset.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →