Influxdata
/
docs-v2
mirror of https://github.com/influxdata/docs-v2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
docs-v2/content/shared/influxdb3-admin/tokens/admin/regenerate.md

3.4 KiB
Raw Permalink Blame History

Use the influxdb3 CLI or the HTTP API to regenerate an admin token. Regenerate a token to rotate it as part of your security practices or if you suspect the token has been compromised.

{{< show-in "enterprise" >}} Regenerating an admin token deactivates the previous token, stores the SHA512 hash and metadata of the new token, and returns the new token string. {{< /show-in >}} {{< show-in "core" >}} Regenerating the admin token deactivates the previous token, updates the _admin token SHA512 hash and metadata, and returns the new token string. {{< /show-in >}}

An admin token grants access to all actions on the server.

Prerequisite

To regenerate a token, you need the current token string.

Use the CLI or HTTP API to regenerate an admin token

[!Important]

Securely store your token

InfluxDB lets you view the token string only when you create the token. Store your token in a secure location, as you cannot retrieve it from the database later. InfluxDB 3 stores only the token's hash and metadata in the catalog.

{{< tabs-wrapper >}} {{% tabs %}} CLI HTTP API {{% /tabs %}} {{% tab-content %}}

Use the --regenerate flag with the influxdb3 create token --admin subcommand--for example:

{{% code-placeholders "ADMIN_TOKEN" %}}

influxdb3 create token --admin \
  --token ADMIN_TOKEN \
  --regenerate

{{% /code-placeholders %}}

In your command, replace {{% code-placeholder-key %}}ADMIN_TOKEN{{% /code-placeholder-key %}} with the current token string.

The CLI asks for confirmation before regenerating the token. The output contains the new token string and InfluxDB deactivates the previous token string.

{{% /tab-content %}} {{% tab-content %}}

Use the following HTTP API endpoint:

{{% show-in "core" %}} {{% api-endpoint method="POST" endpoint="/api/v3/configure/token/admin/regenerate" api-ref="/influxdb3/version/api/v3/configure/token/admin/regenerate" %}} {{% /show-in %}}

{{% show-in "enterprise" %}} {{% api-endpoint method="POST" endpoint="/api/v3/enterprise/configure/token/admin/regenerate" api-ref="/influxdb3/version/api/v3/enterprise/configure/token/admin" %}} {{% /show-in %}}

In your request, send an Authorization header with your current admin token string --for example:

{{% show-in "core" %}} {{% code-placeholders "ADMIN_TOKEN" %}}

curl -X POST "http://{{< influxdb/host >}}/api/v3/configure/token/admin" \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --header "Accept: application/json"

{{% /code-placeholders %}} {{% /show-in %}}

{{% show-in "enterprise" %}} {{% code-placeholders "ADMIN_TOKEN" %}}

curl -X POST "http://{{< influxdb/host >}}/api/v3/enterprise/configure/token/admin" \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --header "Accept: application/json"

{{% /code-placeholders %}} {{% /show-in %}}

In your command, replace {{% code-placeholder-key %}}ADMIN_TOKEN{{% /code-placeholder-key %}} with the current token string.

The output contains the new token string and InfluxDB deactivates the previous token string.

{{% /tab-content %}} {{< /tabs-wrapper >}}