6.0 KiB
| title | description | menu | weight | ||||
|---|---|---|---|---|---|---|---|
| influxctl token create | The `influxctl token create` command creates a database token with specified permissions to resources in an InfluxDB cluster. |
|
301 |
The influxctl token create command creates a database token with specified
permissions to resources in an InfluxDB cluster and outputs
the token string.
The --read-database and --write-database flags support the * wildcard
which grants read or write permissions to all databases. Enclose wildcards in
single or double quotes--for example: '*' or "*".
The --expires-at flag specifies the date and time a token should expire.
Provide an RFC3339 timestamp.
[!Important] If you don't specify a token expiration, the token never expires.
The --format flag lets you print the output in other formats.
The json format is available for programmatic parsing by other tooling.
Default: table.
Notable behaviors
- InfluxDB might take some time--from a few seconds to a few minutes--to
activate and synchronize new tokens. If a new database token doesn't
immediately work (you receive a
401 Unauthorizederror) for querying or writing, wait and then try again. - Token strings are viewable only on token creation.
[!Note]
Store secure tokens in a secret store
Token strings are viewable only on token creation and aren't stored by InfluxDB. We recommend storing database tokens in a secure secret store.
Usage
influxctl token create \
[--read-database=<DATABASE_NAME>] \
[--write-database=<DATABASE_NAME>] \
[--expires-at=<RFC3339_DATE>] \
<TOKEN_DESCRIPTION>
Arguments
| Argument | Description |
|---|---|
| TOKEN_DESCRIPTION | Database token description |
Flags
| Flag | Description | |
|---|---|---|
--expires-at |
Token expiration date and time in RFC3339 format | |
--format |
Output format (table (default) or json) |
|
--read-database |
Grant read permissions to a database (Repeatable) | |
--write-database |
Grant write permissions to a database (Repeatable) | |
-h |
--help |
Output command help |
{{% caption %}}
Also see influxctl global flags.
{{% /caption %}}
Examples
- Create a token with read and write access to a database
- Create a token with read and write access to all databases
- Create a token with read-only access to a database
- Create a token with read-only access to multiple databases
- Create a token with mixed permissions to multiple databases
- Create a token that expires in seven days
In the examples below, replace the following:
- {{% code-placeholder-key %}}
DATABASE_NAME{{% /code-placeholder-key %}}: your {{% product-name %}} database name - {{% code-placeholder-key %}}
DATABASE2_NAME{{% /code-placeholder-key %}}: your second {{% product-name %}} database name - {{% code-placeholder-key %}}
TOKEN_ID{{% /code-placeholder-key %}}: token ID to update
Create a token with read and write access to a database
{{% code-placeholders "DATABASE_NAME" %}}
influxctl token create \
--read-database DATABASE_NAME \
--write-database DATABASE_NAME \
"Read/write token for DATABASE_NAME"
{{% /code-placeholders %}}
Create a token with read and write access to all databases
influxctl token create \
--read-database "*" \
--write-database "*" \
"Read/write token for all databases"
Create a token with read-only access to a database
{{% code-placeholders "DATABASE_NAME" %}}
influxctl token create \
--read-database DATABASE_NAME \
"Read-only token for DATABASE_NAME"
{{% /code-placeholders %}}
Create a token with read-only access to multiple databases
{{% code-placeholders "DATABASE_NAME|DATABASE2_NAME" %}}
influxctl token create \
--read-database DATABASE_NAME \
--read-database DATABASE2_NAME \
"Read-only token for DATABASE_NAME and DATABASE2_NAME"
{{% /code-placeholders %}}
Create a token with mixed permissions to multiple databases
{{% code-placeholders "DATABASE_NAME|DATABASE2_NAME" %}}
influxctl token create \
--read-database DATABASE_NAME \
--read-database DATABASE2_NAME \
--write-database DATABASE2_NAME \
"Read-only on DATABASE_NAME, read/write on DATABASE2_NAME"
{{% /code-placeholders %}}
Create a token that expires in seven days
{{% code-placeholders "DATABASE_NAME" %}}
{{< code-tabs-wrapper >}} {{% code-tabs %}} Linux macOS {{% /code-tabs %}} {{% code-tab-content %}}
influxctl token create \
--read-database DATABASE_NAME \
--write-database DATABASE_NAME \
--expires-at $(date -d "+7 days" +"%Y-%m-%dT%H:%M:%S%z") \
"Read/write token for DATABASE_NAME with 7d expiration"
{{% /code-tab-content %}} {{% code-tab-content %}}
influxctl token create \
--read-database DATABASE_NAME \
--write-database DATABASE_NAME \
--expires-at $(gdate -d "+7 days" +"%Y-%m-%dT%H:%M:%S%z") \
"Read/write token for DATABASE_NAME with 7d expiration"
{{% /code-tab-content %}} {{< /code-tabs-wrapper >}}
{{% /code-placeholders %}}