Community Edition
This guide covers authentication setup for sfp community edition, which doesn't include sfp-server. You'll manage credentials locally using standard Salesforce CLI authentication patterns.
How Community Edition Authentication Works
Without sfp-server, you manage SFDX Auth URLs directly:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Community Edition Authentication │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ LOCAL DEVELOPMENT │
│ ───────────────── │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Developer │────>│ Salesforce │────>│ Local CLI │ │
│ │ │ │ OAuth │ │ Storage │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
│ $ sf org login web --alias myOrg │
│ $ sfp install --targetorg myOrg --artifactdir ./artifacts │
│ │
│ ✅ Credentials stored locally in ~/.sfdx/ │
│ │
│ CI/CD PIPELINES │
│ ─────────────── │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ CI/CD │────>│ Secrets │────>│ sfp org │ │
│ │ Pipeline │ │ Store │ │ login │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │ │ │
│ │ ▼ │
│ │ ┌─────────────┐ │
│ │ │ Salesforce │ │
│ └──────────────────────────────>│ API │ │
│ └─────────────┘ │
│ │
│ $ sfp org login --url-file /tmp/auth --alias UAT │
│ $ sfp install --targetorg UAT --artifactdir ./artifacts │
│ │
│ ✅ Each environment needs its own secret (SFDX Auth URL) │
│ │
└─────────────────────────────────────────────────────────────────────────────┘Key Differences from Pro Edition
Credential Storage
CI/CD secrets (per env)
Encrypted in sfp-server
Access Control
Share secrets directly
Role-based access
Sandbox Refresh
Re-generate auth URL
Automatic via JIT
Environment Locking
Not available
Built-in
Audit Trail
CI/CD logs only
Complete access logging
Overview
Without sfp-server, authentication is handled through:
Local Salesforce CLI credential storage
SFDX Auth URLs stored as CI/CD secrets
Manual credential rotation and management
Authentication Methods
Web-based OAuth (Local Development)
For interactive local development:
SFDX Auth URL (CI/CD)
For automated pipelines, generate and store SFDX Auth URLs:
Generate Auth URL
Store as Secret
Store the auth URL in your CI/CD platform:
GitHub Actions: Repository Secret
Azure DevOps: Pipeline Variable (secret)
GitLab CI: CI/CD Variable (masked)
Use in Pipeline
CI/CD Setup
GitHub Actions
Azure DevOps
Managing Multiple Environments
Without sfp-server, you need separate secrets for each environment:
Environment-specific Deployment
Scratch Org Pools
Pool authentication works the same in community edition, using the DevHub:
See Scratch Org Pool Authentication for details.
Credential Rotation
Without centralized management, you must manually rotate credentials:
Re-authenticate locally:
Generate new auth URL:
Update CI/CD secret with new auth URL
Repeat for each environment
Limitations vs Pro Edition
Credential storage
Local + CI secrets
Centralized server
Team access
Share secrets
Role-based access
Credential rotation
Manual per env
Update once
Environment locking
Not available
Built-in
JIT sandbox auth
Not available
Automatic
Audit trail
Not available
Complete logging
Sandbox refresh handling
Re-authenticate
Automatic via JIT
Upgrading to Pro
When ready for centralized management:
Update pipelines to use
sfp server environment get --authenticate
Related Topics
SFDX Auth URL - Understanding auth URLs
Connected Apps - OAuth configuration
Scratch Org Pools - Pool authentication
Last updated