# SeaLights Agent Token Security

{% hint style="info" %}
Instructions for generating a SeaLights Agent token can be found [here](https://docs.sealights.io/knowledgebase/setup-and-configuration/getting-started/steps-for-successful-onboarding/generating-a-token).
{% endhint %}

The SeaLights Java Agent requires a valid SeaLights Agent token for authorization. This agent token can be passed as a string (using `--token`), in a text file (using `--tokenfile`) or as an environment variable.

## Recommended Approach <a href="#recommended-approach" id="recommended-approach"></a>

We recommend storing sensitive data like your SeaLights Agent Token using secure Secrets in your pipeline.

An alternative/supplemental approach is described below.

### Use Case: Encode a SL Agent Token for use with the SeaLights Java Agent <a href="#use-case-encode-a-sl-agent-token-for-use-with-the-sealights-java-agent" id="use-case-encode-a-sl-agent-token-for-use-with-the-sealights-java-agent"></a>

**Background:** The SeaLights Java Agent requires an Agent Token for authorization. In environments where using secure Secrets is not an option and/or security policies require the use of encrypted credentials, the SeaLights Java agents and build plugins support the use of encoded token values.

**Parameter**: `-encodeToken` (see the examples below)

**Scope**: The SeaLights Build Scanner can be used to generate an encoded version of your Agent Token.

**Since**:

* Java Agent: `4.0.2621`
* Maven Plugin: `4.0.1135`
* Gradle Plugin: `4.0.985`

#### **How to Encode a SeaLights Agent Token**

Use the SeaLights Build Scanner to encode your SeaLights Agent Token, supplying it either:

1. as a file:

{% code overflow="wrap" lineNumbers="true" %}

```
java -jar sl-build-scanner.jar -encodeToken -tokenfile sltoken.txt -outputfile encoded.txt
```

{% endcode %}

2. as a string:

{% code overflow="wrap" lineNumbers="true" %}

```
java -jar sl-build-scanner.jar -encodeToken -token <token-value-to-encode> -outputfile encoded.txt
```

{% endcode %}

The encoded token will be saved in the specified output file (e.g., `encoded.txt`).
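
As an added example (not SeaLights code), the shell function below wraps the `-tokenfile` form of the encode command so that the plaintext token never appears in a process argument list or in shell history. It assumes the token arrives in an environment variable named `SL_TOKEN` (a hypothetical name, for example injected by the pipeline) and that `sl-build-scanner.jar` is in the working directory.

```shell
#!/bin/sh
# Added example, not SeaLights code. Assumptions: the plaintext token is in
# the SL_TOKEN environment variable (hypothetical name) and
# sl-build-scanner.jar is in the current directory.

# encode_sl_token OUTPUT_FILE
# Encodes $SL_TOKEN with -tokenfile so the plaintext value never appears in a
# process argument list or in shell history.
encode_sl_token() {
    out=$1
    if [ -z "$out" ] || [ -z "${SL_TOKEN:-}" ]; then
        echo "usage: SL_TOKEN=... encode_sl_token <output-file>" >&2
        return 2
    fi

    old_umask=$(umask)
    umask 077    # temp file and output file are created owner-only
    tmp=$(mktemp) || { umask "$old_umask"; return 1; }

    # printf is a builtin in bash and dash, so no new process sees the token.
    printf '%s' "$SL_TOKEN" > "$tmp"

    rc=0
    java -jar sl-build-scanner.jar -encodeToken \
        -tokenfile "$tmp" -outputfile "$out" || rc=$?

    rm -f "$tmp"    # remove the plaintext copy whether or not encoding worked
    umask "$old_umask"

    if [ "$rc" -ne 0 ]; then
        echo "encodeToken failed (exit $rc)" >&2
        return "$rc"
    fi
    # Fail closed if the scanner wrote nothing.
    if [ ! -s "$out" ]; then
        echo "no encoded token written to $out" >&2
        return 1
    fi
    # Assumption: an encoded token never equals its plaintext input.
    if [ "$(cat "$out")" = "$SL_TOKEN" ]; then
        rm -f "$out"
        echo "output is identical to the plaintext token" >&2
        return 1
    fi
    chmod 600 "$out"
}
```

Call it as `encode_sl_token encoded.txt` from a step where `SL_TOKEN` is already set.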

#### **How to use an Encoded Token**

The encoded SeaLights Agent Token can be used in the same way as the token you download from the SeaLights settings page.

The encoded value can be passed using either the `token` or `tokenfile` arguments.
