Shift with red gradient lettering

Authorizing the Shift Build

In order to provide more intelligent and precise automation, some Shifts perform analysis. This requires building your projects by installing your dependencies and running scripts like artisan.

Currently, the Workbench as well as the following Shifts attempt to build your project:

If you run one of these Shifts against a Laravel application with private dependencies, you may need to configure Shift.

Note: Shift has access to all first-party Laravel packages such as Spark and Nova, as well as some popular community packages from Spatie. As such, you are not required to configure authorization for these packages.

Conveniently, you may authorize Shift the same way you would a CI or deployment service — through Composer authentication

You may do so using an auth.json file, or, if you have a Shifty Plan, you may add this configuration to your plan settings.

Creating an auth.json file not only allows Shift to build your project, but other services like Forge and Chipper CI, as well as other developers working with your code.

To configure an auth.json file, first add one to your project at the same level of your composer.json file. This file contains credentials for composer to download dependencies from private sources. While these credentials may be a user account, it's better to generate a token. You should treat these tokens like passwords.

The process for generating a token will vary. To generate a token for common sources, review the documentation from GitHub, Bitbucket, or GitLab.

Once you have obtained this token, use it as the credentials for that source within your auth.json file.

The following auth.json file serves as an example for setting a token for each of the common Git services, as well as a commercial package like Nova:

    "http-basic": {
        "" : {
            "username": "nova-username",
            "password": "nova-password"
    "github-oauth": {
        "": "ghp_1234567890"
    "gitlab-oauth": {
        "": "gitlab-token-1234567890"
    "bitbucket-oauth": {
        "": {
            "consumer-key": "bitbucket-consumer-key-1234567890",
            "consumer-secret": "bitbucket-consumer-secret-1234567890"

Note: If you are concerned about sharing credentials, you are not required to commit your auth.json file. Instead, you may copy its contents and paste them into your Shifty Plan settings or when running one of these Shifts individually. They will be stored encrypted and only accessed by Shift's private servers when you run a Shift.

Sign in with any of the following services to connect Shift with your Laravel project.

Don't use one of these services?

Temporarily push your project to a free, private repository on one of these cloud-based services or upgrade your project locally with Shift for Docker.