Generate a random password for scratch org users.
By default, new scratch orgs contain one admin user with no password. Use this command to generate or change a password for this admin user. After it's set, you can’t unset a password, you can only change it.
You can also use the --on-behalf-of flag to generate a password for a scratch org user that you've created locally with the "org create user" command. This command doesn't work for users you created in the scratch org using Setup.
To change the password strength, set the --complexity flag to a value between 0 and 5. Each value specifies the types of characters used in the generated password:
0 - lower case letters only 1 - lower case letters and numbers only 2 - lower case letters and symbols only 3 - lower and upper case letters and numbers only 4 - lower and upper case letters and symbols only 5 - lower and upper case letters and numbers and symbols only
To see a password that was previously generated, run "org display user".
-
Generate a password for the original admin user of your default scratch org:
<%= config.bin %> <%= command.id %>
-
Generate a password that contains 25 characters for the original admin user of the scratch org with alias "my-scratch":
<%= config.bin %> <%= command.id %> --length 25 --target-org my-scratch
-
Generate a password for your default scratch org admin user that uses lower and upper case letters and numbers only:
<%= config.bin %> <%= command.id %> --complexity 3
-
Generate a password for the specified users in the default scratch org; these users must have been created locally with the "org create user" command:
<%= config.bin %> <%= command.id %> --on-behalf-of user1@my.org --on-behalf-of user2@my.org --on-behalf-of user3@my.org
Comma-separated list of usernames or aliases to assign the password to; must have been created locally with the "org create user" command.
Number of characters in the generated password; valid values are between 20 and 100. Default value is 20.
Level of password complexity or strength; the higher the value, the stronger the password.
Create a scratch org with the enableSetPasswordInApi org security setting set to TRUE and try again.
Starting in Spring '21, EnableSetPasswordInApi is a feature in your scratch org definition file and not a setting. This change is a result of the field Settings.securitySettings.passwordPolicies.enableSetPasswordInApi being deprecated in version 51.0 of the Metadata API.
- Update your scratch org definition file and remove enableSetPasswordInApi from the "securitySettings" setting. Then add EnableSetPasswordInApi as a feature. For example:
- "features": ["EnableSetPasswordInApi"]
- Then try creating the scratch org again.
Starting in Summer '26, this command will fail if you specify a password length below 20. For now, the command is generating a password of length 20 instead of the requested length.
Starting in Summer '26, this command will fail if you specify a password complexity below 3. For now, the command is generating a password of complexity 3 instead of the requested complexity.
Successfully set the password "%s" for user %s.
Successfully set passwords:%s
You can see the password again by running "%s org display user -o %s".
Scratch org alias or login user.
Found a comma-separated list of usernames or aliases for the --on-behalf-of flag. Either specify one per flag or separate by a space.