docs-v2/content/chronograf/v1/tools/chronoctl/token.md

---
title: chronoctl token
description: >
  The `token` command reads a private token file, generates and signs the nonce,
  and then returns an expiring token to be used in the `Authorization` header.
menu:
  chronograf_v1:
    name: chronoctl token
    parent: chronoctl
weight: 201
---

The `token` command reads a private token file, generates and signs the nonce,
and then returns an expiring token to be used in the `Authorization` header.
For example:

```sh
Authorization: CHRONOGRAF-SHA256 <returned-expiring-token>
```

## Usage
```
chronoctl token [flags]
```

## Flags
| Flag |                    | Description                                                   |  Env. Variable   |
| :--- | :----------------- | :------------------------------------------------------------ | :--------------: |
| `-h` | `--help`           | Output command help                                           |                  |
|      | `--chronograf-url` | Chronograf's URL _(default is `http://localhost:8888`)_       | `CHRONOGRAF_URL` |
| `-k` | `--skip-verify`    | Skip TLS certification verification                           |                  |
|      | `--priv-key-file`  | Private key file location for superadmin token authentication | `PRIV_KEY_FILE`  |

## Examples

The following example uses the RSA key used when started the Chronograf server and
returns an expiring token that can be used to gain superadmin access to Chronograf.

{{% note %}}
The private key must correspond to the public key used when starting the
Chronograf server.
{{% /note %}}

```sh
chronoctl token --priv-key-file /path/to/chronograf-rsa
```
Add missing chronoctl commands and clean up chronograf daemon page (#5181) * add missing chronoctl commands, closes influxdata/DAR#239, closes #3256 * Apply suggestions from code review Co-authored-by: Jason Stirnaman <stirnamanj@gmail.com> --------- Co-authored-by: Jason Stirnaman <stirnamanj@gmail.com> 2023-10-17 17:22:14 +00:00			`---`
			`title: chronoctl token`
			`description: >`
			The `token` command reads a private token file, generates and signs the nonce,
			and then returns an expiring token to be used in the `Authorization` header.
			`menu:`
			`chronograf_v1:`
			`name: chronoctl token`
			`parent: chronoctl`
			`weight: 201`
			`---`

			The `token` command reads a private token file, generates and signs the nonce,
			and then returns an expiring token to be used in the `Authorization` header.
			`For example:`

			```sh
			`Authorization: CHRONOGRAF-SHA256 <returned-expiring-token>`
			```

			`## Usage`
			```
			`chronoctl token [flags]`
			```

			`## Flags`
			`\| Flag \| \| Description \| Env. Variable \|`
			`\| :--- \| :----------------- \| :------------------------------------------------------------ \| :--------------: \|`
			\| `-h` \| `--help` \| Output command help \| \|
			\| \| `--chronograf-url` \| Chronograf's URL _(default is `http://localhost:8888`)_ \| `CHRONOGRAF_URL` \|
			\| `-k` \| `--skip-verify` \| Skip TLS certification verification \| \|
			\| \| `--priv-key-file` \| Private key file location for superadmin token authentication \| `PRIV_KEY_FILE` \|

			`## Examples`

			`The following example uses the RSA key used when started the Chronograf server and`
			`returns an expiring token that can be used to gain superadmin access to Chronograf.`

			`{{% note %}}`
			`The private key must correspond to the public key used when starting the`
			`Chronograf server.`
			`{{% /note %}}`

			```sh
			`chronoctl token --priv-key-file /path/to/chronograf-rsa`
			```