How to expose login information to devs for scratch orgs created in cicd pipelines?

[digiur]

With the recent change to login links generated from org open (one time use, 60 second expiration) what is the recommended way to allow a developer to log into a scratch org created in a CICD pipeline?

We create scratch orgs in a CICD pipelines and have multiple different developers log into those scratch orgs. Previously we simply exposed the login link generated from org open and that worked great for our workflow but I now understand that's a security risk and not only not recommended, but now impossible.

[cristiand391]

hey, sorry for the late reply.

for CI/headless auth usage we recommend using jwt auth:
https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_jwt_flow.htm#sfdx_dev_auth_jwt_scratch

Previously we simply exposed the login link generated from org open and that worked great for our workflow but I now understand that's a security risk and not only not recommended, but now impossible.

are you managing some sort of scratch org pool?
you could run sf org generate password to generate a password for the default scratch admin user, then keep those creds safely with the instance URL and devs grab those to log in.