Influxdata
/
docs-v2
mirror of https://github.com/influxdata/docs-v2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
docs-v2/content/influxdb/clustered/admin/tokens/management/create.md

3.0 KiB
Raw Blame History

title description menu weight influxdb/clustered/tags related list_code_example
Create a management token Use the [`influxctl management create` command](/influxdb/clustered/reference/cli/influxctl/management/create) to manually create a management token.
influxdb_clustered
parent
Management tokens
201
tokens
/influxdb/clustered/admin/tokens/management/#use-a-management-token, Use a management token
/influxdb/clustered/reference/cli/influxctl/management/create/
```sh influxctl management create \ --expires-at $(date -v+1d -Iseconds) \ --description "Example token description" ```

By default, management tokens are short-lived tokens issued by an OAuth provider that grant a specific user administrative access to your {{< product-name omit=" Clustered">}} cluster. However, for automation purposes, you can manually create management tokens that authenticate directly with your InfluxDB cluster and do not require human interaction with your OAuth provider.

{{% warn %}}

For automation use cases only

The tools outlined below are meant for automation use cases and should not be used to circumvent your OAuth provider. Take great care when manually creating and using management tokens.

{{< product-name >}} requires at least one user associated with your cluster and authorized through OAuth to manually create a management token. {{% /warn %}}

  1. If you haven't already, download and install the influxctl CLI.

  2. Use the influxctl management create command to manually create a management token. Provide the following:

    • Optional: the --expires-at flag with an RFC3339 date string that defines the token expiration date and time--for example, {{< datetime/current-date offset=1 >}}. If expiration isn't set, the token does not expire until revoked.
    • Optional: the --description flag with a description for the management token in double quotes "".

{{% code-placeholders "RFC3339_EXPIRATION|TOKEN_DESCRIPTION" %}}

influxctl management create \
  --expires-at RFC3339_EXPIRATION \
  --description "TOKEN_DESCRIPTION"

{{% /code-placeholders %}}

Replace the following:

  • {{% code-placeholder-key %}}RFC3339_EXPIRATION{{% /code-placeholder-key %}}: An RFC3339 date string to expire the token at--for example, {{< datetime/current-date offset=1 >}}.
  • {{% code-placeholder-key %}}TOKEN_DESCRIPTION{{% /code-placeholder-key %}}: Management token description.

The output contains the management token string.

{{% note %}}

Store secure tokens in a secret store

Management token strings are returned only on token creation. We recommend storing database tokens in a secure secret store. For example, see how to authenticate Telegraf using tokens in your OS secret store. {{% /note %}}