Accessing Environments
This guide walks through common scenarios for accessing environments with sfp-server, from local development to production deployments.
Complete Flow: From Login to Deployment
Here's the complete end-to-end flow for a developer to access an environment and deploy:
┌─────────────────────────────────────────────────────────────────────────────┐
│ End-to-End Authentication Flow │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ STEP 1: Authenticate to sfp-server (one-time until token expires) │
│ ───────────────────────────────────────────────────────────────── │
│ │
│ $ sfp server auth login --email [email protected] --provider github │
│ │
│ ┌────────────┐ │
│ │ Browser │ → GitHub OAuth → Authorize → Callback to CLI │
│ └────────────┘ │
│ │ │
│ ▼ │
│ ┌────────────┐ │
│ │ Keychain │ Token stored securely (valid ~24h) │
│ └────────────┘ │
│ │
│ STEP 2: Get environment and authenticate locally │
│ ──────────────────────────────────────────────── │
│ │
│ $ sfp server environment get \ │
│ --name UAT \ │
│ --repository myorg/salesforce-app \ │
│ --auth-type accessToken \ │
│ --authenticate │
│ │
│ ┌────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Keychain │────>│ sfp-server │────>│ Salesforce │ │
│ │ (get token)│ │ API │ │ Auth │ │
│ └────────────┘ └─────────────┘ └─────────────┘ │
│ │ │ │ │
│ │ │ Decrypt & │ │
│ │ │ return creds │ │
│ │<──────────────────┘ │ │
│ │ │ │
│ └───────────────────────────────────────┘ │
│ Create local SF auth (alias: "UAT") │
│ │
│ STEP 3: Use sfp commands with the authenticated org │
│ ─────────────────────────────────────────────────── │
│ │
│ $ sfp install --targetorg UAT --artifactdir ./artifacts │
│ $ sfp release --targetorg UAT --releasedefinition ./release.yaml │
│ │
│ ✅ The org "UAT" is now available for all sfp and sf commands │
│ │
└─────────────────────────────────────────────────────────────────────────────┘Quick Start Commands
Scenario 1: Local Development
As a developer, you need to access a development environment for daily work.
One-time Setup
Installing an artifact
Switching Environments
Scenario 2: CI/CD Pipeline Deployment
Setting up a GitHub Actions workflow that deploys to multiple environments.
Repository Secrets Setup
Configure these secrets in your repository:
SFP_SERVER_URL- Your sfp-server URLSFP_SERVER_TOKEN- Application token for CI/CD
Basic Deployment Workflow
Production Deployment with Locking
Scenario 3: Multi-Environment Pipeline
A complete pipeline that progresses through SIT → UAT → Staging → Production.
Scenario 4: Team Access Setup
Setting up environments for a team with different access levels.
Initial Setup (Admin/Owner)
Developer Access
CI/CD Service Account
Scenario 5: Handling Sandbox Refreshes
When a sandbox is refreshed, JIT authentication handles it automatically.
Before Refresh
After Refresh
No credential updates needed!
Scenario 6: Debugging Access Issues
Check Your Authentication
Verify Environment Details
Test Credential Access
Common Issues and Solutions
"Environment not found"
"Unauthorized"
"Cannot retrieve credentials"
Quick Reference
Environment Access Commands
List environments
sfp server environment list --repository REPO
Get environment info
sfp server environment get --name NAME --repository REPO
Authenticate to env
sfp server environment get --name NAME --repository REPO --authenticate
Lock environment
sfp server environment lock --name NAME --repository REPO --reason "..."
Unlock environment
sfp server environment unlock --name NAME --repository REPO --lock-ticket-id ID
Common Flags
--authenticate
Also authenticate the org locally
--auth-type
accessToken (short-lived) or sfdxAuthUrl (long-lived)
--lock-ticket-id
Use with locked environments
--json
Output as JSON for scripting
Related Topics
Environments - Environment concepts
Environment Locking - Concurrency control
Server Authentication - Auth with sfp-server
Org Registration - Register orgs
Last updated