Zephyr Cloud Docs

    CI/CD Integration using Server token

    The Server Auth Token allows you to authenticate Zephyr plugins at the organization level without needing individual user credentials for every operation. It identifies the user performing actions via their email and enables secure access to Zephyr on behalf of your organization.

    Alternative: Personal Tokens

    Server tokens provide organization-level authentication. For individual user authentication, see the Personal Token CI/CD Integration guide. Personal tokens are useful for personal projects or when you need user-specific permissions. Learn more in the CI/CD Personal Token guide.

    Overview

    Generate an Server API Token

    To use Zephyr Cloud in CI/CD pipelines, you'll need an API token for authentication:

    Organization Settings

    Go to your Organization Settings in Zephyr.

    org settings screen

    Server Tokens section

    Navigate to the Server Tokens section.

    server token section screen

    Click Generate Token Button

    Fill out the required information about the token you're about to generate

    server token screen

    Click Generate

    Copy the token for usage where you need to use it

    server token created screen

    GitHub Actions

    Zephyr requires an authenticated user to publish updates. Configure your GitHub Actions pipeline to build and deploy with Zephyr by adding a token to your repository secrets.

    Adding the GitHub Secret

    1. Create a token on your organization settings page
    2. Add it as a repository secret in GitHub
    3. The secret must be assigned to the ZE_SERVER_TOKEN environment variable
    4. Set user email
    pull_request.yml
    env:
  ZE_SERVER_TOKEN: ${{ secrets.ZEPHYR_AUTH_TOKEN }}
  ZE_USER_EMAIL: <User Email>

    Authentication Behavior

    When the Zephyr plugin detects the ZE_SERVER_TOKEN environment variable, it will automatically authenticate with the Zephyr API, bypassing the usual login step. The Zephyr needs a user email to identify who is performing builds. You can provide it in one of two ways:

    • Automatically from Git config
    • Manually via environment variable ZE_USER_EMAIL

    You'll see this confirmation in the console:

     ZEPHYR   Token found in environment. Using secret token for authentication.

    GitLab CI/CD

    Configure your GitLab Runner pipeline to build and deploy with Zephyr by adding a token to the CI/CD variables.

    Adding the GitLab CI/CD Variable

    1. Create a full access token on your Organization Server tokens page page
    2. Add it as a CI/CD variable in your GitLab project:

    Steps to add the token:

    1. Navigate to your GitLab project
    2. Go to SettingsCI/CD
    3. Expand the Variables section
    4. Click Add variable
    5. Configure the variable:
      • Key: ZE_SERVER_TOKEN
      • Key: ZE_USER_EMAIL
      • Value: Your Zephyr API token
      • Type: Variable
      • Environment scope: All (or specify specific environments)
      • Protect variable: ✅ Check if you want to use it only in protected branches
      • Mask variable: ✅ Check to hide the value in job logs

    Using the Token in GitLab CI/CD

    In your .gitlab-ci.yml file, the token will be automatically available as an environment variable:

    .gitlab-ci.yml
    build:
  stage: build
  script:
    - npm install
    - npm run build
  variables:
    ZE_SERVER_TOKEN: $ZE_SERVER_TOKEN
    ZE_USER_EMAIL: $ZE_USER_EMAIL

    For more explicit control, you can also reference it directly:

    .gitlab-ci.yml
    deploy:
  stage: deploy
  script:
    - npm install
    - npm run build
  environment:
    name: production
  variables:
    ZE_SERVER_TOKEN: $ZE_SERVER_TOKEN
    ZE_USER_EMAIL: $ZE_USER_EMAIL

    Authentication Behavior

    When the Zephyr plugin detects the ZE_SERVER_TOKEN environment variable, it will automatically authenticate with the Zephyr API, bypassing the usual login step.

    You'll see this confirmation in the console:

     ZEPHYR   Token found in environment. Using secret token for authentication

    Complete Pipeline Example

    Here's a full GitLab CI/CD pipeline configured for Zephyr deployment:

    .gitlab-ci.yml
    stages:
  - install
  - build
  - deploy

variables:
  npm_config_cache: '$CI_PROJECT_DIR/.npm'

cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - .npm/
    - node_modules/

install:
  stage: install
  script:
    - npm ci --cache .npm --prefer-offline
  artifacts:
    paths:
      - node_modules/
    expire_in: 1 hour

build:
  stage: build
  script:
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 day
  variables:
    ZE_SERVER_TOKEN: $ZE_SERVER_TOKEN
    ZE_USER_EMAIL: $ZE_USER_EMAIL

deploy:
  stage: deploy
  script:
    - npm run deploy
  only:
    - main
  environment:
    name: production
  variables:
    ZE_SERVER_TOKEN: $ZE_SERVER_TOKEN
    ZE_USER_EMAIL: $ZE_USER_EMAIL

    Security Notes

    • Do not share server tokens publicly.
    • Rotate tokens regularly and revoke any that may be compromised.
    • Remember: server tokens provide organization-level access, so they are sensitive credentials.

    Troubleshooting

    Authentication Issues

    Token not found error:

    • Verify the variables names are exactly ZE_SERVER_TOKEN and ZE_USER_EMAIL
    • Ensure the variables are available in the environment where your job runs
    • Check that the token hasn't expired

    GitLab-Specific Issues

    Protected variables:

    • If using protected variables, ensure your pipeline runs on a protected branch or tag

    Masked variables:

    • Masked variables won't appear in job logs (recommended for security)
    • Temporarily unmask if you need to troubleshoot, then re-mask for production

    Variable scope:

    • Check that the variable scope matches your pipeline's environment requirements