The HEROKU_API_KEY environment variable breaks auth commands. #572

zeke opened this Issue Sep 17, 2012 · 17 comments


None yet

This issue only affects a small slice of users, but I figured I should log it anyway. If you keep your HEROKU_API_KEY in ENV, you cannot switch accounts using the CLI, and heroku auth:whoami doesn't work.

Heroku member

@zeke - I was aware. I think maybe it should work as it does though. whoami ends up being weird for sure, but I don't think login/logout changing the environment would be a good idea. It seems like it would be confusing/problematic anyway.


This one was driving me crazy for the last 30 minutes.


I just wasted an hour scratching my head due to this issue.

  1. heroku login says 'Authentication Successful'
  2. heroku create fails with 'Authentication Failure'
  3. heroku logout says 'Local credentials cleared'
  4. heroku login again says 'Authentication Successful'

Of course, I had HEROKU_API_KEY set in my ENV long back which was now invalid.

But, I couldn't find any documentation on this anywhere in Heroku docs or help forums. Only way I found this issue was after I had tracked the issue down to HEROKU_API_KEY and searched for it in Issues.

I understand setting HEROKU_API_KEY in ENV may not be a supported/documented feature and we're on our own if we do.

But, since auth:login skips asking for credentials when ENV['HEROKU_API_KEY'] is set, at least a warning message indicating the same would help avoid such confusion.


Wow, thank you. Just spent an hour on that too.


👍 It was not apparent that it was happening because of env variable being set. Wasted quite some time to figure it out. I wish I had seen this issue then.


Would logging something like "Using HEROKU_API_KEY" before returning here be sufficient?


Yeah, that would be much better than just silently using it.


Patched in #1052 , but I don't know how applicable it is to our user base as a whole so ¯\(ツ)


I also suffered this. I had the HEROKU_API_KEY in my ENV, which I think was invalid after I changed my Heroku password recently (which regenerates your API key).


Having reset my Heroku password after the recent Heartbleed OpenSSL Vulnerability issue, I too have spent the last hour trying to figure this out. I had to manually $ heroku config:set HEROKU_API_KEY=*my_api_key*

Just thought I'd mention it here in case others are having the same issue at the moment.


This thing had me without access to my (production) heroku apps for a long while. I didn't realize that HEROKU_API_KEY was an actual, official, (albeit hidden) thing. I just had used that particular environment variable at one time for a python app that utilizes the heroku api. So when the API Key got changed, and I had an ENV var sitting around, everything was screwed up and broken, with no clues what was wrong.


>: heroku version
heroku-toolbelt/3.9.1 (x86_64-darwin10.8.0) ruby/1.9.3

>: heroku plugins
You have no installed plugins.

>: ls -al .netrc
ls: .netrc: No such file or directory

>: heroku logout
Local credentials cleared.

>: heroku login
Authentication successful.

>: heroku apps
Authentication failure

>: heroku keys
Authentication failure

The above was totally mind boggling

Heroku member

Agreed. When/where do you think we could best warn/notify about the config var usage to help with this? In login maybe? We probably shouldn't notify all the time, so narrowing it to the right time/place to be relevant would be good. Thanks!


Yes I think at login time would be most useful, although any "authentication failure" where its a problem with the HEROKU_API_KEY may be useful as well. As soon as I got an "Authentication failure" my first action was to re-authenticate with a logout/login. But not getting the opportunity to re-enter my login information (email/password) and being told "Authentication successful" without it actually being successful or even knowing what it was using to authenticate (I assumed it was a file or value saved somewhere) was very frustrating.


#1052 outputs it with every command, IIRC, but could likely be modified to only output at certain times

Heroku member

I also added a stderr message that will say HEROKU_API_KEY was used if there is an authentication failure



Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment