# SeaLights Agent Token Security

{% hint style="info" %}
Instructions for generating a SeaLights Agent token can be found [here](/knowledgebase/setup-and-configuration/getting-started/steps-for-successful-onboarding/generating-a-token.md).
{% endhint %}

The SeaLights Java Agent requires a valid SeaLights Agent token for authorization. This agent token can be passed as a string (using `--token`), in a text file (using `--tokenfile`) or as an environment variable.

## Recommended Approach <a href="#recommended-approach" id="recommended-approach"></a>

We recommend storing sensitive data like your SeaLights Agent Token using secure Secrets in your pipeline.

An alternative/supplemental approach is described below.

### Use Case: Encode a SL Agent Token for use with the SeaLights Java Agent <a href="#use-case-encode-a-sl-agent-token-for-use-with-the-sealights-java-agent" id="use-case-encode-a-sl-agent-token-for-use-with-the-sealights-java-agent"></a>

**Background:** The SeaLights Java Agent requires an Agent Token for authorization. In environments where using secure Secrets is not an option and/or security policies requires to use encrypted credentials, the SeaLights Java agents and build plugins support the use of encoded token values.

**Parameter**: `-encodeToken` \*See example below

**Scope**: The SeaLights Build Scanner can be used to generate an encoded version of your Agent Token.

**Since**:

* **Java Agent:** `4.0.2621`
* Maven Plugin: `4.0.1135`
* Gradle Plugin: `4.0.985`

#### **How to Encode a SeaLights Agent Token**

Use the SeaLights Build Scanner to encode your SeaLights Agent Token

1. as a string:

{% code overflow="wrap" lineNumbers="true" %}

```
java -jar sl-build-scanner.jar -encodeToken -tokenfile sltoken.txt -outputfile encoded.txt
```

{% endcode %}

2. as a file

{% code overflow="wrap" lineNumbers="true" %}

```
java -jar sl-build-scanner.jar -encodeToken -token <token-value-to-encode> -outputfile encoded.txt
```

{% endcode %}

The encoded token will be saved in the specified output file (e.g., `encoded.txt`).

#### **How to use an Encoded Token**

The encoded SeaLights Agent Token can be used in the same way as the token you download from the SeaLights settings page.

The encoded value can be passed using either the `token` or `tokenfile` arguments.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sealights.io/knowledgebase/setup-and-configuration/sealights-agents-and-plugins/java-agent/advanced-features/sealights-agent-token-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.